Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Sample Data/Custom/AIX_Audit_CL.json

166013 строки
4.7 MiB
Executable File
Исходник Ответственный История

[
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551358,
"ParentPID": 11010186,
"Thread": 37879989,
"EventTime": "2021-09-06T10:54:18.603147-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:54:18.915686-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551358,
"ParentPID": 11010186,
"Thread": 37879989,
"EventTime": "2021-09-06T10:54:18.603147-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:54:18.916098-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551358,
"ParentPID": 11010186,
"Thread": 37879989,
"EventTime": "2021-09-06T10:54:18.614826-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:54:18.916422-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551358,
"ParentPID": 11010186,
"Thread": 37879989,
"EventTime": "2021-09-06T10:54:18.614826-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:54:18.916747-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551358,
"ParentPID": 11010186,
"Thread": 37879989,
"EventTime": "2021-09-06T10:54:18.614826-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:54:18.917065-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551358,
"ParentPID": 11010186,
"Thread": 37879989,
"EventTime": "2021-09-06T10:54:18.614826-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:54:18.917378-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551360,
"ParentPID": 9371720,
"Thread": 37879991,
"EventTime": "2021-09-06T10:54:36.025917-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:54:36.349213-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551360,
"ParentPID": 9371720,
"Thread": 37879991,
"EventTime": "2021-09-06T10:54:36.025917-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:54:36.349552-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551360,
"ParentPID": 9371720,
"Thread": 37879991,
"EventTime": "2021-09-06T10:54:36.032891-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:54:36.349914-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551360,
"ParentPID": 9371720,
"Thread": 37879991,
"EventTime": "2021-09-06T10:54:36.032891-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:54:36.350225-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551360,
"ParentPID": 9371720,
"Thread": 37879991,
"EventTime": "2021-09-06T10:54:36.040340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:54:36.350604-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551360,
"ParentPID": 9371720,
"Thread": 37879991,
"EventTime": "2021-09-06T10:54:36.040340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:54:36.350911-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object write event detected /etc/security/audit/config",
"Status": 0,
"EventType": "AUD_CONFIG_WR",
"Command": "vi",
"PID": 10551360,
"ParentPID": 9371720,
"Thread": 37879991,
"EventTime": "2021-09-06T10:54:51.499365-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:54:51.685356-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551362,
"ParentPID": 9371720,
"Thread": 37879993,
"EventTime": "2021-09-06T10:54:59.840567-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:55:00.109768-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551362,
"ParentPID": 9371720,
"Thread": 37879993,
"EventTime": "2021-09-06T10:54:59.840567-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:55:00.110097-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551362,
"ParentPID": 9371720,
"Thread": 37879993,
"EventTime": "2021-09-06T10:54:59.852801-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:55:00.110435-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551362,
"ParentPID": 9371720,
"Thread": 37879993,
"EventTime": "2021-09-06T10:54:59.852801-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:55:00.110731-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551362,
"ParentPID": 9371720,
"Thread": 37879993,
"EventTime": "2021-09-06T10:54:59.852801-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:55:00.111014-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10551362,
"ParentPID": 9371720,
"Thread": 37879993,
"EventTime": "2021-09-06T10:54:59.852801-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T10:55:00.111290-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718698,
"ParentPID": 6684890,
"Thread": 35258403,
"EventTime": "2021-09-06T11:00:00.230027-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:00.415587-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718698,
"ParentPID": 6684890,
"Thread": 35258403,
"EventTime": "2021-09-06T11:00:00.230027-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:00.416294-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 10:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 4718698,
"ParentPID": 6684890,
"Thread": 35258403,
"EventTime": "2021-09-06T11:00:00.230027-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:00.416968-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 4718698,
"ParentPID": 6684890,
"Thread": 35258403,
"EventTime": "2021-09-06T11:00:00.230027-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:00.417625-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718700,
"ParentPID": 5439688,
"Thread": 48037971,
"EventTime": "2021-09-06T11:00:08.083941-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:08.235026-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8978666.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8978666,
"ParentPID": 4718700,
"Thread": 22937725,
"EventTime": "2021-09-06T11:00:08.093944-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:08.235770-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8978666",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10747940,
"ParentPID": 8978666,
"Thread": 43843685,
"EventTime": "2021-09-06T11:00:08.126693-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:08.236426-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10747940,
"ParentPID": 8978666,
"Thread": 43843685,
"EventTime": "2021-09-06T11:00:08.135233-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:08.537349-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10747944aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10747944,
"ParentPID": 8978666,
"Thread": 43843689,
"EventTime": "2021-09-06T11:00:08.143963-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:08.538094-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10747944aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10747944,
"ParentPID": 8978666,
"Thread": 43843689,
"EventTime": "2021-09-06T11:00:08.143963-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:08.538790-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10747944aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10747944,
"ParentPID": 8978666,
"Thread": 43843689,
"EventTime": "2021-09-06T11:00:08.148341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:08.539491-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8978666/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10747950,
"ParentPID": 8978666,
"Thread": 43843695,
"EventTime": "2021-09-06T11:00:08.158348-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:08.540138-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8978666",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10747952,
"ParentPID": 8978666,
"Thread": 43843697,
"EventTime": "2021-09-06T11:00:08.158348-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:08.540778-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8978668,
"ParentPID": 4718700,
"Thread": 22937727,
"EventTime": "2021-09-06T11:00:08.163969-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:08.541422-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8978668,
"ParentPID": 4718700,
"Thread": 22937727,
"EventTime": "2021-09-06T11:00:08.163969-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:08.542062-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sshd",
"PID": 4718700,
"ParentPID": 5439688,
"Thread": 48037971,
"EventTime": "2021-09-06T11:00:09.428361-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:09.749167-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sshd",
"PID": 4718700,
"ParentPID": 5439688,
"Thread": 48037971,
"EventTime": "2021-09-06T11:00:09.428361-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:09.749931-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sshd",
"PID": 4718700,
"ParentPID": 5439688,
"Thread": 48037971,
"EventTime": "2021-09-06T11:00:09.428361-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:00:09.750592-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8978672,
"ParentPID": 5439688,
"Thread": 30605391,
"EventTime": "2021-09-06T11:01:48.995340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:01:49.506620-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh4718704.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 4718704,
"ParentPID": 8978672,
"Thread": 47710349,
"EventTime": "2021-09-06T11:01:49.005340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:01:49.507368-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.4718704",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10747968,
"ParentPID": 4718704,
"Thread": 14483475,
"EventTime": "2021-09-06T11:01:49.041524-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:01:49.508031-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10747968,
"ParentPID": 4718704,
"Thread": 14483475,
"EventTime": "2021-09-06T11:01:49.045344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:01:49.508679-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10747972aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10747972,
"ParentPID": 4718704,
"Thread": 14483479,
"EventTime": "2021-09-06T11:01:49.057672-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:01:49.509333-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10747972aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10747972,
"ParentPID": 4718704,
"Thread": 14483479,
"EventTime": "2021-09-06T11:01:49.057672-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:01:49.509979-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10747972aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10747972,
"ParentPID": 4718704,
"Thread": 14483479,
"EventTime": "2021-09-06T11:01:49.061531-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:01:49.510621-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.4718704/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10747978,
"ParentPID": 4718704,
"Thread": 14483485,
"EventTime": "2021-09-06T11:01:49.071534-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:01:49.511258-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.4718704",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10747980,
"ParentPID": 4718704,
"Thread": 14483487,
"EventTime": "2021-09-06T11:01:49.075375-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:01:49.511892-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 4718706,
"ParentPID": 8978672,
"Thread": 47710351,
"EventTime": "2021-09-06T11:01:49.075375-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:01:49.512529-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718706,
"ParentPID": 8978672,
"Thread": 47710351,
"EventTime": "2021-09-06T11:01:49.075375-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:01:49.513174-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010813620REFqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10813620,
"ParentPID": 10551388,
"Thread": 37683433,
"EventTime": "2021-09-06T11:03:30.682341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:03:31.083289-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551396,
"ParentPID": 9961670,
"Thread": 35651749,
"EventTime": "2021-09-06T11:03:30.702342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:03:31.084043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551396,
"ParentPID": 9961670,
"Thread": 35651749,
"EventTime": "2021-09-06T11:03:30.712340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:03:31.084706-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010813644SyFqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10813644,
"ParentPID": 10551398,
"Thread": 37683201,
"EventTime": "2021-09-06T11:03:30.803378-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:03:31.085348-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961672,
"ParentPID": 6684890,
"Thread": 39190595,
"EventTime": "2021-09-06T11:05:00.239967-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:05:00.641039-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961672,
"ParentPID": 6684890,
"Thread": 39190595,
"EventTime": "2021-09-06T11:05:00.239967-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:05:00.641799-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 10:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961672,
"ParentPID": 6684890,
"Thread": 39190595,
"EventTime": "2021-09-06T11:05:00.239967-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:05:00.642464-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961672,
"ParentPID": 6684890,
"Thread": 39190595,
"EventTime": "2021-09-06T11:05:00.239967-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:05:00.643114-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961674,
"ParentPID": 9371720,
"Thread": 40763447,
"EventTime": "2021-09-06T11:05:22.903319-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:05:23.197079-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961674,
"ParentPID": 9371720,
"Thread": 40763447,
"EventTime": "2021-09-06T11:05:22.903319-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:05:23.197485-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961674,
"ParentPID": 9371720,
"Thread": 40763447,
"EventTime": "2021-09-06T11:05:22.912880-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:05:23.197799-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961674,
"ParentPID": 9371720,
"Thread": 40763447,
"EventTime": "2021-09-06T11:05:22.912880-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:05:23.198103-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961674,
"ParentPID": 9371720,
"Thread": 40763447,
"EventTime": "2021-09-06T11:05:22.918340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:05:23.198491-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961674,
"ParentPID": 9371720,
"Thread": 40763447,
"EventTime": "2021-09-06T11:05:22.918340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:05:23.198805-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961676,
"ParentPID": 6684890,
"Thread": 43712647,
"EventTime": "2021-09-06T11:10:00.248340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:10:00.470509-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961676,
"ParentPID": 6684890,
"Thread": 43712647,
"EventTime": "2021-09-06T11:10:00.248340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:10:00.471243-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 10:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961676,
"ParentPID": 6684890,
"Thread": 43712647,
"EventTime": "2021-09-06T11:10:00.248340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:10:00.471910-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961676,
"ParentPID": 6684890,
"Thread": 43712647,
"EventTime": "2021-09-06T11:10:00.248340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:10:00.472562-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961680,
"ParentPID": 6684890,
"Thread": 35520661,
"EventTime": "2021-09-06T11:15:00.256486-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:15:00.713133-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961680,
"ParentPID": 6684890,
"Thread": 35520661,
"EventTime": "2021-09-06T11:15:00.256486-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:15:00.713870-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 10:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961680,
"ParentPID": 6684890,
"Thread": 35520661,
"EventTime": "2021-09-06T11:15:00.256486-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:15:00.714534-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961680,
"ParentPID": 6684890,
"Thread": 35520661,
"EventTime": "2021-09-06T11:15:00.256486-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:15:00.715181-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010813666MyFqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10813666,
"ParentPID": 10551408,
"Thread": 38928415,
"EventTime": "2021-09-06T11:18:30.931341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:18:31.118216-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551416,
"ParentPID": 9961684,
"Thread": 29491237,
"EventTime": "2021-09-06T11:18:30.951340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:18:31.119061-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551416,
"ParentPID": 9961684,
"Thread": 29491237,
"EventTime": "2021-09-06T11:18:30.951340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:18:31.119722-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010813690NeFqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10813690,
"ParentPID": 10551418,
"Thread": 38928439,
"EventTime": "2021-09-06T11:18:31.051376-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:18:31.120361-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961686,
"ParentPID": 6684890,
"Thread": 44826799,
"EventTime": "2021-09-06T11:20:00.268340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:20:00.656092-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961686,
"ParentPID": 6684890,
"Thread": 44826799,
"EventTime": "2021-09-06T11:20:00.268340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:20:00.656827-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 10:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961686,
"ParentPID": 6684890,
"Thread": 44826799,
"EventTime": "2021-09-06T11:20:00.268340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:20:00.657491-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961686,
"ParentPID": 6684890,
"Thread": 44826799,
"EventTime": "2021-09-06T11:20:00.270417-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:20:00.658142-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10813692",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10551420,
"ParentPID": 10813692,
"Thread": 35520677,
"EventTime": "2021-09-06T11:20:00.284218-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:20:00.658661-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961688,
"ParentPID": 6684890,
"Thread": 42139747,
"EventTime": "2021-09-06T11:25:00.291287-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:25:00.602015-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961688,
"ParentPID": 6684890,
"Thread": 42139747,
"EventTime": "2021-09-06T11:25:00.291287-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:25:00.602768-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 10:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961688,
"ParentPID": 6684890,
"Thread": 42139747,
"EventTime": "2021-09-06T11:25:00.291287-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:25:00.603436-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961688,
"ParentPID": 6684890,
"Thread": 42139747,
"EventTime": "2021-09-06T11:25:00.291287-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:25:00.604087-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961696,
"ParentPID": 6684890,
"Thread": 31588567,
"EventTime": "2021-09-06T11:30:00.300668-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:30:00.802446-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961696,
"ParentPID": 6684890,
"Thread": 31588567,
"EventTime": "2021-09-06T11:30:00.300668-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:30:00.803227-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 10:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961696,
"ParentPID": 6684890,
"Thread": 31588567,
"EventTime": "2021-09-06T11:30:00.300668-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:30:00.803904-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961696,
"ParentPID": 6684890,
"Thread": 31588567,
"EventTime": "2021-09-06T11:30:00.303964-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:30:00.804563-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-06T11:33:13.822349-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:33:14.369321-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551442HeEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551442,
"ParentPID": 10813448,
"Thread": 30998697,
"EventTime": "2021-09-06T11:33:31.170341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:33:31.491533-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10813456,
"ParentPID": 9961704,
"Thread": 44368013,
"EventTime": "2021-09-06T11:33:31.198877-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:33:31.492280-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10813456,
"ParentPID": 9961704,
"Thread": 44368013,
"EventTime": "2021-09-06T11:33:31.200340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:33:31.492936-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468862,
"ParentPID": 9371720,
"Thread": 35455141,
"EventTime": "2021-09-06T11:36:34.228341-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:36:34.449323-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468862,
"ParentPID": 9371720,
"Thread": 35455141,
"EventTime": "2021-09-06T11:36:34.228341-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:36:34.449617-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468862,
"ParentPID": 9371720,
"Thread": 35455141,
"EventTime": "2021-09-06T11:36:34.242387-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:36:34.449925-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468862,
"ParentPID": 9371720,
"Thread": 35455141,
"EventTime": "2021-09-06T11:36:34.242387-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:36:34.450196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468862,
"ParentPID": 9371720,
"Thread": 35455141,
"EventTime": "2021-09-06T11:36:34.242387-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:36:34.450445-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468862,
"ParentPID": 9371720,
"Thread": 35455141,
"EventTime": "2021-09-06T11:36:34.242387-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:36:34.450698-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468866,
"ParentPID": 9371720,
"Thread": 35455145,
"EventTime": "2021-09-06T11:37:42.932340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:37:42.960883-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468866,
"ParentPID": 9371720,
"Thread": 35455145,
"EventTime": "2021-09-06T11:37:42.932340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:37:42.961158-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468866,
"ParentPID": 9371720,
"Thread": 35455145,
"EventTime": "2021-09-06T11:37:42.948197-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:37:42.961405-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468866,
"ParentPID": 9371720,
"Thread": 35455145,
"EventTime": "2021-09-06T11:37:42.948197-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:37:42.961642-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468866,
"ParentPID": 9371720,
"Thread": 35455145,
"EventTime": "2021-09-06T11:37:42.948197-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:37:42.961888-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468866,
"ParentPID": 9371720,
"Thread": 35455145,
"EventTime": "2021-09-06T11:37:42.948197-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:37:42.962123-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11337742,
"ParentPID": 9961710,
"Thread": 33161235,
"EventTime": "2021-09-06T11:37:42.968203-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:37:43.263335-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468868,
"ParentPID": 9371720,
"Thread": 45285555,
"EventTime": "2021-09-06T11:38:11.341340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:38:11.531738-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468868,
"ParentPID": 9371720,
"Thread": 45285555,
"EventTime": "2021-09-06T11:38:11.341340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:38:11.532022-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468868,
"ParentPID": 9371720,
"Thread": 45285555,
"EventTime": "2021-09-06T11:38:11.351340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:38:11.532309-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468868,
"ParentPID": 9371720,
"Thread": 45285555,
"EventTime": "2021-09-06T11:38:11.351340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:38:11.532607-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468868,
"ParentPID": 9371720,
"Thread": 45285555,
"EventTime": "2021-09-06T11:38:11.357727-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:38:11.532860-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468868,
"ParentPID": 9371720,
"Thread": 45285555,
"EventTime": "2021-09-06T11:38:11.357727-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:38:11.533115-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468870,
"ParentPID": 9371720,
"Thread": 27197449,
"EventTime": "2021-09-06T11:39:05.559340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:39:05.617756-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468870,
"ParentPID": 9371720,
"Thread": 27197449,
"EventTime": "2021-09-06T11:39:05.559340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:39:05.618040-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468870,
"ParentPID": 9371720,
"Thread": 27197449,
"EventTime": "2021-09-06T11:39:05.569341-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:39:05.618292-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468870,
"ParentPID": 9371720,
"Thread": 27197449,
"EventTime": "2021-09-06T11:39:05.569341-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:39:05.618587-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468870,
"ParentPID": 9371720,
"Thread": 27197449,
"EventTime": "2021-09-06T11:39:05.572206-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:39:05.618824-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468870,
"ParentPID": 9371720,
"Thread": 27197449,
"EventTime": "2021-09-06T11:39:05.572206-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:39:05.619058-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468872,
"ParentPID": 9371720,
"Thread": 37814493,
"EventTime": "2021-09-06T11:39:42.848340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:39:42.881235-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468872,
"ParentPID": 9371720,
"Thread": 37814493,
"EventTime": "2021-09-06T11:39:42.848340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:39:42.881518-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468872,
"ParentPID": 9371720,
"Thread": 37814493,
"EventTime": "2021-09-06T11:39:42.858340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:39:42.881823-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468872,
"ParentPID": 9371720,
"Thread": 37814493,
"EventTime": "2021-09-06T11:39:42.858340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:39:42.882066-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468872,
"ParentPID": 9371720,
"Thread": 37814493,
"EventTime": "2021-09-06T11:39:42.858340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:39:42.882302-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11468872,
"ParentPID": 9371720,
"Thread": 37814493,
"EventTime": "2021-09-06T11:39:42.858340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:39:42.882537-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468874,
"ParentPID": 6684890,
"Thread": 37814495,
"EventTime": "2021-09-06T11:40:00.319685-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:40:00.326232-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468874,
"ParentPID": 6684890,
"Thread": 37814495,
"EventTime": "2021-09-06T11:40:00.321128-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:40:00.326937-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468874,
"ParentPID": 6684890,
"Thread": 37814495,
"EventTime": "2021-09-06T11:40:00.321128-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:40:00.327628-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468874,
"ParentPID": 6684890,
"Thread": 37814495,
"EventTime": "2021-09-06T11:40:00.321128-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:40:00.328280-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961716,
"ParentPID": 9371720,
"Thread": 44761229,
"EventTime": "2021-09-06T11:41:15.969044-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:41:16.034992-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961716,
"ParentPID": 9371720,
"Thread": 44761229,
"EventTime": "2021-09-06T11:41:15.969044-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:41:16.035280-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961716,
"ParentPID": 9371720,
"Thread": 44761229,
"EventTime": "2021-09-06T11:41:15.983066-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:41:16.035548-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961716,
"ParentPID": 9371720,
"Thread": 44761229,
"EventTime": "2021-09-06T11:41:15.983066-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:41:16.035792-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961716,
"ParentPID": 9371720,
"Thread": 44761229,
"EventTime": "2021-09-06T11:41:15.989183-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:41:16.036030-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961716,
"ParentPID": 9371720,
"Thread": 44761229,
"EventTime": "2021-09-06T11:41:15.989183-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:41:16.036323-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961724,
"ParentPID": 9371720,
"Thread": 25559243,
"EventTime": "2021-09-06T11:42:09.467154-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:42:09.524985-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961724,
"ParentPID": 9371720,
"Thread": 25559243,
"EventTime": "2021-09-06T11:42:09.467154-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:42:09.525269-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961724,
"ParentPID": 9371720,
"Thread": 25559243,
"EventTime": "2021-09-06T11:42:09.477156-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:42:09.525522-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961724,
"ParentPID": 9371720,
"Thread": 25559243,
"EventTime": "2021-09-06T11:42:09.477156-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:42:09.525817-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961724,
"ParentPID": 9371720,
"Thread": 25559243,
"EventTime": "2021-09-06T11:42:09.483340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:42:09.526053-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961724,
"ParentPID": 9371720,
"Thread": 25559243,
"EventTime": "2021-09-06T11:42:09.483340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:42:09.526289-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961472,
"ParentPID": 6684890,
"Thread": 30670875,
"EventTime": "2021-09-06T11:45:00.327340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:45:00.525272-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961472,
"ParentPID": 6684890,
"Thread": 30670875,
"EventTime": "2021-09-06T11:45:00.327340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:45:00.526097-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961472,
"ParentPID": 6684890,
"Thread": 30670875,
"EventTime": "2021-09-06T11:45:00.333852-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:45:00.526760-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961472,
"ParentPID": 6684890,
"Thread": 30670875,
"EventTime": "2021-09-06T11:45:00.333852-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:45:00.527476-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11337764,
"ParentPID": 11468886,
"Thread": 40435717,
"EventTime": "2021-09-06T11:48:31.410340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:48:31.475940-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468894,
"ParentPID": 9961474,
"Thread": 32571509,
"EventTime": "2021-09-06T11:48:31.430340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:48:31.476600-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468894,
"ParentPID": 9961474,
"Thread": 32571509,
"EventTime": "2021-09-06T11:48:31.436785-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:48:31.477245-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11337788,
"ParentPID": 11468896,
"Thread": 40435741,
"EventTime": "2021-09-06T11:48:31.530343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:48:31.778236-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961476,
"ParentPID": 6684890,
"Thread": 47579371,
"EventTime": "2021-09-06T11:50:00.337342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:50:00.433077-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961476,
"ParentPID": 6684890,
"Thread": 47579371,
"EventTime": "2021-09-06T11:50:00.337342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:50:00.433812-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961476,
"ParentPID": 6684890,
"Thread": 47579371,
"EventTime": "2021-09-06T11:50:00.344179-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:50:00.434460-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961476,
"ParentPID": 6684890,
"Thread": 47579371,
"EventTime": "2021-09-06T11:50:00.344179-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:50:00.435107-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961478,
"ParentPID": 9371720,
"Thread": 41746545,
"EventTime": "2021-09-06T11:54:23.978340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:54:24.011432-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961478,
"ParentPID": 9371720,
"Thread": 41746545,
"EventTime": "2021-09-06T11:54:23.978340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:54:24.011711-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961478,
"ParentPID": 9371720,
"Thread": 41746545,
"EventTime": "2021-09-06T11:54:23.988340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:54:24.011961-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961478,
"ParentPID": 9371720,
"Thread": 41746545,
"EventTime": "2021-09-06T11:54:23.988340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:54:24.012206-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961478,
"ParentPID": 9371720,
"Thread": 41746545,
"EventTime": "2021-09-06T11:54:23.988340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:54:24.012451-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961478,
"ParentPID": 9371720,
"Thread": 41746545,
"EventTime": "2021-09-06T11:54:23.988340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:54:24.012696-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8913032,
"ParentPID": 11337790,
"Thread": 44236927,
"EventTime": "2021-09-06T11:54:24.010880-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:54:24.318921-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961482,
"ParentPID": 9371720,
"Thread": 41746549,
"EventTime": "2021-09-06T11:54:50.321979-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:54:50.478482-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961482,
"ParentPID": 9371720,
"Thread": 41746549,
"EventTime": "2021-09-06T11:54:50.321979-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:54:50.478762-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961482,
"ParentPID": 9371720,
"Thread": 41746549,
"EventTime": "2021-09-06T11:54:50.337340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:54:50.479015-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961482,
"ParentPID": 9371720,
"Thread": 41746549,
"EventTime": "2021-09-06T11:54:50.337340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:54:50.479326-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961482,
"ParentPID": 9371720,
"Thread": 41746549,
"EventTime": "2021-09-06T11:54:50.337340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:54:50.479572-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961482,
"ParentPID": 9371720,
"Thread": 41746549,
"EventTime": "2021-09-06T11:54:50.337340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:54:50.479820-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961486,
"ParentPID": 6684890,
"Thread": 41746553,
"EventTime": "2021-09-06T11:55:00.350340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:55:00.389246-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961486,
"ParentPID": 6684890,
"Thread": 41746553,
"EventTime": "2021-09-06T11:55:00.350340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:55:00.389983-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961486,
"ParentPID": 6684890,
"Thread": 41746553,
"EventTime": "2021-09-06T11:55:00.350340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:55:00.390641-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961486,
"ParentPID": 6684890,
"Thread": 41746553,
"EventTime": "2021-09-06T11:55:00.350340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:55:00.391305-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961488,
"ParentPID": 5439688,
"Thread": 41746561,
"EventTime": "2021-09-06T11:56:13.396484-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:56:13.427126-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11337792,
"ParentPID": 9961488,
"Thread": 37880013,
"EventTime": "2021-09-06T11:56:13.403990-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:56:13.427812-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 8913048,
"ParentPID": 11337792,
"Thread": 44236943,
"EventTime": "2021-09-06T11:56:13.434003-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:56:13.735142-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 8913048,
"ParentPID": 11337792,
"Thread": 44236943,
"EventTime": "2021-09-06T11:56:13.444341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:56:13.735886-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8913052,
"ParentPID": 11337792,
"Thread": 44236947,
"EventTime": "2021-09-06T11:56:13.456846-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:56:13.736543-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8913052,
"ParentPID": 11337792,
"Thread": 44236947,
"EventTime": "2021-09-06T11:56:13.456846-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:56:13.737194-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8913052,
"ParentPID": 11337792,
"Thread": 44236947,
"EventTime": "2021-09-06T11:56:13.456846-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:56:13.737839-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 8913058,
"ParentPID": 11337792,
"Thread": 44236953,
"EventTime": "2021-09-06T11:56:13.464341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:56:13.738487-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 8913060,
"ParentPID": 11337792,
"Thread": 44236955,
"EventTime": "2021-09-06T11:56:13.474343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:56:13.739126-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11337794,
"ParentPID": 9961488,
"Thread": 37880015,
"EventTime": "2021-09-06T11:56:13.476610-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:56:13.739769-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11337794,
"ParentPID": 9961488,
"Thread": 37880015,
"EventTime": "2021-09-06T11:56:13.476610-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T11:56:13.740406-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11337798,
"ParentPID": 6684890,
"Thread": 44236961,
"EventTime": "2021-09-06T12:00:00.365080-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:00.628902-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11337798,
"ParentPID": 6684890,
"Thread": 44236961,
"EventTime": "2021-09-06T12:00:00.365080-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:00.629766-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11337798,
"ParentPID": 6684890,
"Thread": 44236961,
"EventTime": "2021-09-06T12:00:00.365080-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:00.630459-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961492,
"ParentPID": 6684890,
"Thread": 28836013,
"EventTime": "2021-09-06T12:00:00.367340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:00.631156-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961492,
"ParentPID": 6684890,
"Thread": 28836013,
"EventTime": "2021-09-06T12:00:00.367340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:00.631810-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961492,
"ParentPID": 6684890,
"Thread": 28836013,
"EventTime": "2021-09-06T12:00:00.367340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:00.632460-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961492,
"ParentPID": 6684890,
"Thread": 28836013,
"EventTime": "2021-09-06T12:00:00.375082-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:00.633108-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11337798,
"ParentPID": 6684890,
"Thread": 44236961,
"EventTime": "2021-09-06T12:00:00.377341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:00.633756-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961494,
"ParentPID": 9371720,
"Thread": 31457381,
"EventTime": "2021-09-06T12:00:18.214372-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:18.379400-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961494,
"ParentPID": 9371720,
"Thread": 31457381,
"EventTime": "2021-09-06T12:00:18.214372-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:18.379694-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961494,
"ParentPID": 9371720,
"Thread": 31457381,
"EventTime": "2021-09-06T12:00:18.226785-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:18.379994-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961494,
"ParentPID": 9371720,
"Thread": 31457381,
"EventTime": "2021-09-06T12:00:18.226785-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:18.380257-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961494,
"ParentPID": 9371720,
"Thread": 31457381,
"EventTime": "2021-09-06T12:00:18.226785-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:18.380504-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 9961494,
"ParentPID": 9371720,
"Thread": 31457381,
"EventTime": "2021-09-06T12:00:18.226785-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:18.380748-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337802,
"ParentPID": 9371720,
"Thread": 29491253,
"EventTime": "2021-09-06T12:00:38.952257-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:39.145568-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337802,
"ParentPID": 9371720,
"Thread": 29491253,
"EventTime": "2021-09-06T12:00:38.952257-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:39.145862-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337802,
"ParentPID": 9371720,
"Thread": 29491253,
"EventTime": "2021-09-06T12:00:38.960600-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:39.146119-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337802,
"ParentPID": 9371720,
"Thread": 29491253,
"EventTime": "2021-09-06T12:00:38.960600-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:39.146428-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337802,
"ParentPID": 9371720,
"Thread": 29491253,
"EventTime": "2021-09-06T12:00:38.965341-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:39.146675-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337802,
"ParentPID": 9371720,
"Thread": 29491253,
"EventTime": "2021-09-06T12:00:38.965341-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:00:39.146919-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337806,
"ParentPID": 9371720,
"Thread": 40239133,
"EventTime": "2021-09-06T12:01:32.863340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:01:32.942185-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337806,
"ParentPID": 9371720,
"Thread": 40239133,
"EventTime": "2021-09-06T12:01:32.863340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:01:32.942480-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337806,
"ParentPID": 9371720,
"Thread": 40239133,
"EventTime": "2021-09-06T12:01:32.873340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:01:32.942737-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337806,
"ParentPID": 9371720,
"Thread": 40239133,
"EventTime": "2021-09-06T12:01:32.873340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:01:32.943039-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337806,
"ParentPID": 9371720,
"Thread": 40239133,
"EventTime": "2021-09-06T12:01:32.873340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:01:32.943285-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337806,
"ParentPID": 9371720,
"Thread": 40239133,
"EventTime": "2021-09-06T12:01:32.873340-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:01:32.943568-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337816,
"ParentPID": 9371720,
"Thread": 29491267,
"EventTime": "2021-09-06T12:02:53.064278-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:02:53.162336-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337816,
"ParentPID": 9371720,
"Thread": 29491267,
"EventTime": "2021-09-06T12:02:53.064278-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:02:53.162632-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337816,
"ParentPID": 9371720,
"Thread": 29491267,
"EventTime": "2021-09-06T12:02:53.074281-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:02:53.162942-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337816,
"ParentPID": 9371720,
"Thread": 29491267,
"EventTime": "2021-09-06T12:02:53.074281-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:02:53.163204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337816,
"ParentPID": 9371720,
"Thread": 29491267,
"EventTime": "2021-09-06T12:02:53.074281-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:02:53.163458-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 11337816,
"ParentPID": 9371720,
"Thread": 29491267,
"EventTime": "2021-09-06T12:02:53.074281-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:02:53.163704-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8913064,
"ParentPID": 9961498,
"Thread": 41025641,
"EventTime": "2021-09-06T12:02:53.094291-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:02:53.164180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008913086779aaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8913086,
"ParentPID": 11337828,
"Thread": 29950095,
"EventTime": "2021-09-06T12:03:31.659342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:03:31.751197-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11337836,
"ParentPID": 10813490,
"Thread": 31326267,
"EventTime": "2021-09-06T12:03:31.679340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:03:31.751969-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11337836,
"ParentPID": 10813490,
"Thread": 31326267,
"EventTime": "2021-09-06T12:03:31.682599-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:03:31.752693-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00089131108m9aaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8913110,
"ParentPID": 11337838,
"Thread": 29950119,
"EventTime": "2021-09-06T12:03:31.769340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:03:32.053543-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10813492,
"ParentPID": 6684890,
"Thread": 28836025,
"EventTime": "2021-09-06T12:05:00.401318-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:05:00.682898-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10813492,
"ParentPID": 6684890,
"Thread": 28836025,
"EventTime": "2021-09-06T12:05:00.401318-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:05:00.683635-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 11:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10813492,
"ParentPID": 6684890,
"Thread": 28836025,
"EventTime": "2021-09-06T12:05:00.401318-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:05:00.684306-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10813492,
"ParentPID": 6684890,
"Thread": 28836025,
"EventTime": "2021-09-06T12:05:00.401318-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:05:00.684963-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10813494,
"ParentPID": 5439688,
"Thread": 37617859,
"EventTime": "2021-09-06T12:07:43.634612-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:07:43.858065-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11337840.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11337840,
"ParentPID": 10813494,
"Thread": 41746573,
"EventTime": "2021-09-06T12:07:43.651376-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:07:43.858765-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11337840",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10617014,
"ParentPID": 11337840,
"Thread": 44236981,
"EventTime": "2021-09-06T12:07:43.684630-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:07:43.859427-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10617014,
"ParentPID": 11337840,
"Thread": 44236981,
"EventTime": "2021-09-06T12:07:43.691341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:07:43.860072-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10617018aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10617018,
"ParentPID": 11337840,
"Thread": 44236985,
"EventTime": "2021-09-06T12:07:43.701397-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:07:43.860731-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10617018aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10617018,
"ParentPID": 11337840,
"Thread": 44236985,
"EventTime": "2021-09-06T12:07:43.706798-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:07:43.861473-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10617018aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10617018,
"ParentPID": 11337840,
"Thread": 44236985,
"EventTime": "2021-09-06T12:07:43.706798-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:07:43.862152-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11337840/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10617020,
"ParentPID": 11337840,
"Thread": 44236987,
"EventTime": "2021-09-06T12:07:43.714640-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:07:43.862879-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11337840",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10617022,
"ParentPID": 11337840,
"Thread": 44236989,
"EventTime": "2021-09-06T12:07:43.714640-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:07:43.863536-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11337842,
"ParentPID": 10813494,
"Thread": 41746575,
"EventTime": "2021-09-06T12:07:43.721341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:07:43.864184-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11337842,
"ParentPID": 10813494,
"Thread": 41746575,
"EventTime": "2021-09-06T12:07:43.721341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:07:43.864822-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10813496,
"ParentPID": 6684890,
"Thread": 29491289,
"EventTime": "2021-09-06T12:10:00.404623-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:10:00.585907-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10813496,
"ParentPID": 6684890,
"Thread": 29491289,
"EventTime": "2021-09-06T12:10:00.404623-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:10:00.586665-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 11:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10813496,
"ParentPID": 6684890,
"Thread": 29491289,
"EventTime": "2021-09-06T12:10:00.411669-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:10:00.587398-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10813496,
"ParentPID": 6684890,
"Thread": 29491289,
"EventTime": "2021-09-06T12:10:00.413218-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:10:00.588063-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10813498,
"ParentPID": 6684890,
"Thread": 44236997,
"EventTime": "2021-09-06T12:15:00.419570-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:15:00.507365-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10813498,
"ParentPID": 6684890,
"Thread": 44236997,
"EventTime": "2021-09-06T12:15:00.419570-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:15:00.508107-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 11:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10813498,
"ParentPID": 6684890,
"Thread": 44236997,
"EventTime": "2021-09-06T12:15:00.419570-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:15:00.508779-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10813498,
"ParentPID": 6684890,
"Thread": 44236997,
"EventTime": "2021-09-06T12:15:00.419570-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:15:00.509436-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10813502,
"ParentPID": 9371720,
"Thread": 40566827,
"EventTime": "2021-09-06T12:17:03.492529-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:17:03.740552-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10813502,
"ParentPID": 9371720,
"Thread": 40566827,
"EventTime": "2021-09-06T12:17:03.492529-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:17:03.740952-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10813502,
"ParentPID": 9371720,
"Thread": 40566827,
"EventTime": "2021-09-06T12:17:03.502531-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:17:03.741269-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10813502,
"ParentPID": 9371720,
"Thread": 40566827,
"EventTime": "2021-09-06T12:17:03.502531-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:17:03.741578-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10813502,
"ParentPID": 9371720,
"Thread": 40566827,
"EventTime": "2021-09-06T12:17:03.502531-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:17:03.741885-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sudo_32",
"PID": 10813502,
"ParentPID": 9371720,
"Thread": 40566827,
"EventTime": "2021-09-06T12:17:03.502531-04:00",
"Login": "builder",
"Real": "builder",
"LoginUID": 206,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:17:03.742193-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10617028,
"ParentPID": 6684890,
"Thread": 42139773,
"EventTime": "2021-09-06T12:20:00.430714-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:20:00.558381-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10617028,
"ParentPID": 6684890,
"Thread": 42139773,
"EventTime": "2021-09-06T12:20:00.430714-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:20:00.559111-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 11:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10617028,
"ParentPID": 6684890,
"Thread": 42139773,
"EventTime": "2021-09-06T12:20:00.430714-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:20:00.559799-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10617028,
"ParentPID": 6684890,
"Thread": 42139773,
"EventTime": "2021-09-06T12:20:00.430714-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:20:00.560472-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10617032,
"ParentPID": 6684890,
"Thread": 39321833,
"EventTime": "2021-09-06T12:25:00.439603-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:25:00.455500-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10617032,
"ParentPID": 6684890,
"Thread": 39321833,
"EventTime": "2021-09-06T12:25:00.439603-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:25:00.456254-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 11:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10617032,
"ParentPID": 6684890,
"Thread": 39321833,
"EventTime": "2021-09-06T12:25:00.439603-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:25:00.456964-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10617032,
"ParentPID": 6684890,
"Thread": 39321833,
"EventTime": "2021-09-06T12:25:00.439603-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:25:00.457682-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10617034,
"ParentPID": 6684890,
"Thread": 39321849,
"EventTime": "2021-09-06T12:30:00.449270-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:30:00.679544-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10617034,
"ParentPID": 6684890,
"Thread": 39321849,
"EventTime": "2021-09-06T12:30:00.449270-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:30:00.680305-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 11:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10617034,
"ParentPID": 6684890,
"Thread": 39321849,
"EventTime": "2021-09-06T12:30:00.449270-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:30:00.680976-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10617034,
"ParentPID": 6684890,
"Thread": 39321849,
"EventTime": "2021-09-06T12:30:00.449270-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:30:00.681641-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-06T12:33:13.697272-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:33:13.922204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010813552vUFqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10813552,
"ParentPID": 9961518,
"Thread": 27197479,
"EventTime": "2021-09-06T12:33:32.138341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:33:32.266274-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9961526,
"ParentPID": 10617038,
"Thread": 47972429,
"EventTime": "2021-09-06T12:33:32.158341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:33:32.266992-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9961526,
"ParentPID": 10617038,
"Thread": 47972429,
"EventTime": "2021-09-06T12:33:32.158341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:33:32.267652-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010813576wEFqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10813576,
"ParentPID": 9961528,
"Thread": 27197503,
"EventTime": "2021-09-06T12:33:32.258340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:33:32.268302-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10617040,
"ParentPID": 6684890,
"Thread": 39321605,
"EventTime": "2021-09-06T12:35:00.455344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:35:00.611551-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10617040,
"ParentPID": 6684890,
"Thread": 39321605,
"EventTime": "2021-09-06T12:35:00.455344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:35:00.612310-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 11:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10617040,
"ParentPID": 6684890,
"Thread": 39321605,
"EventTime": "2021-09-06T12:35:00.460347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:35:00.612988-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10617040,
"ParentPID": 6684890,
"Thread": 39321605,
"EventTime": "2021-09-06T12:35:00.460347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:35:00.613651-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10617042,
"ParentPID": 6684890,
"Thread": 44957759,
"EventTime": "2021-09-06T12:40:00.465341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:40:00.560803-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10617042,
"ParentPID": 6684890,
"Thread": 44957759,
"EventTime": "2021-09-06T12:40:00.465341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:40:00.561559-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 11:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10617042,
"ParentPID": 6684890,
"Thread": 44957759,
"EventTime": "2021-09-06T12:40:00.469790-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:40:00.562225-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10617042,
"ParentPID": 6684890,
"Thread": 44957759,
"EventTime": "2021-09-06T12:40:00.470662-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:40:00.562879-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10617044,
"ParentPID": 6684890,
"Thread": 27197507,
"EventTime": "2021-09-06T12:45:00.477114-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:45:00.490684-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10617044,
"ParentPID": 6684890,
"Thread": 27197507,
"EventTime": "2021-09-06T12:45:00.477114-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:45:00.491386-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 11:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10617044,
"ParentPID": 6684890,
"Thread": 27197507,
"EventTime": "2021-09-06T12:45:00.477114-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:45:00.492055-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10617044,
"ParentPID": 6684890,
"Thread": 27197507,
"EventTime": "2021-09-06T12:45:00.477114-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:45:00.492711-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010813598qAFqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10813598,
"ParentPID": 9961538,
"Thread": 39452701,
"EventTime": "2021-09-06T12:48:32.383687-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:48:32.662014-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9961546,
"ParentPID": 10617046,
"Thread": 44171439,
"EventTime": "2021-09-06T12:48:32.403694-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:48:32.662756-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9961546,
"ParentPID": 10617046,
"Thread": 44171439,
"EventTime": "2021-09-06T12:48:32.408580-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:48:32.663412-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010813622ruFqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10813622,
"ParentPID": 9961548,
"Thread": 39452725,
"EventTime": "2021-09-06T12:48:32.503771-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:48:32.664057-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961550,
"ParentPID": 6684890,
"Thread": 48038001,
"EventTime": "2021-09-06T12:50:00.485341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:50:00.694427-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961550,
"ParentPID": 6684890,
"Thread": 48038001,
"EventTime": "2021-09-06T12:50:00.485341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:50:00.695125-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 11:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961550,
"ParentPID": 6684890,
"Thread": 48038001,
"EventTime": "2021-09-06T12:50:00.489816-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:50:00.695875-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961550,
"ParentPID": 6684890,
"Thread": 48038001,
"EventTime": "2021-09-06T12:50:00.490926-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:50:00.696589-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961552,
"ParentPID": 6684890,
"Thread": 33947833,
"EventTime": "2021-09-06T12:55:00.496429-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:55:00.639660-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961552,
"ParentPID": 6684890,
"Thread": 33947833,
"EventTime": "2021-09-06T12:55:00.496429-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:55:00.640407-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 11:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961552,
"ParentPID": 6684890,
"Thread": 33947833,
"EventTime": "2021-09-06T12:55:00.496429-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:55:00.641075-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961552,
"ParentPID": 6684890,
"Thread": 33947833,
"EventTime": "2021-09-06T12:55:00.496429-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T12:55:00.641728-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961554,
"ParentPID": 6684890,
"Thread": 33947849,
"EventTime": "2021-09-06T13:00:00.508273-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:00:00.569162-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961554,
"ParentPID": 6684890,
"Thread": 33947849,
"EventTime": "2021-09-06T13:00:00.518523-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:00:00.569905-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/bin/errclear -d H 90 time = Mon Aug 16 12:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961554,
"ParentPID": 6684890,
"Thread": 33947849,
"EventTime": "2021-09-06T13:00:00.518523-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:00:00.570565-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961554,
"ParentPID": 6684890,
"Thread": 33947849,
"EventTime": "2021-09-06T13:00:00.518523-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:00:00.571213-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11534528",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11468980,
"ParentPID": 11534528,
"Thread": 42139799,
"EventTime": "2021-09-06T13:00:00.535340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:00:00.571867-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913146,
"ParentPID": 6684890,
"Thread": 39321629,
"EventTime": "2021-09-06T13:00:00.538281-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:00:00.572528-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913146,
"ParentPID": 6684890,
"Thread": 39321629,
"EventTime": "2021-09-06T13:00:00.538281-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:00:00.573173-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 12:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913146,
"ParentPID": 6684890,
"Thread": 39321629,
"EventTime": "2021-09-06T13:00:00.538281-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:00:00.573852-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913146,
"ParentPID": 6684890,
"Thread": 39321629,
"EventTime": "2021-09-06T13:00:00.538281-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:00:00.574507-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913150,
"ParentPID": 5439688,
"Thread": 25559293,
"EventTime": "2021-09-06T13:01:36.263409-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:01:36.423561-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912896,
"ParentPID": 5439688,
"Thread": 25559295,
"EventTime": "2021-09-06T13:01:36.522963-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:01:36.734346-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912898,
"ParentPID": 5439688,
"Thread": 29491321,
"EventTime": "2021-09-06T13:01:41.821589-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:01:41.858748-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912900,
"ParentPID": 5439688,
"Thread": 29491323,
"EventTime": "2021-09-06T13:01:42.946542-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:01:43.071989-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912902,
"ParentPID": 5439688,
"Thread": 29491325,
"EventTime": "2021-09-06T13:01:43.212852-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:01:43.377385-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912904,
"ParentPID": 5439688,
"Thread": 29491327,
"EventTime": "2021-09-06T13:01:48.351340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:01:48.496914-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912906,
"ParentPID": 5439688,
"Thread": 29491329,
"EventTime": "2021-09-06T13:01:53.421340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:01:53.621229-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912908,
"ParentPID": 5439688,
"Thread": 29491331,
"EventTime": "2021-09-06T13:01:53.691340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:01:53.922150-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912910,
"ParentPID": 5439688,
"Thread": 29491333,
"EventTime": "2021-09-06T13:01:53.957916-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:01:54.223128-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912912,
"ParentPID": 5439688,
"Thread": 29491335,
"EventTime": "2021-09-06T13:01:54.263960-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:01:54.532187-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011534550luIaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11534550,
"ParentPID": 9961566,
"Thread": 45547739,
"EventTime": "2021-09-06T13:03:32.627340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:03:32.806045-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9961574,
"ParentPID": 8912916,
"Thread": 35323999,
"EventTime": "2021-09-06T13:03:32.655045-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:03:32.806793-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9961574,
"ParentPID": 8912916,
"Thread": 35323999,
"EventTime": "2021-09-06T13:03:32.657340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:03:32.807487-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961596maCaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961596,
"ParentPID": 10551452,
"Thread": 35324021,
"EventTime": "2021-09-06T13:03:32.742579-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:03:32.808146-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10617056,
"ParentPID": 6684890,
"Thread": 43253923,
"EventTime": "2021-09-06T13:05:00.560200-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:05:00.848454-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10617056,
"ParentPID": 6684890,
"Thread": 43253923,
"EventTime": "2021-09-06T13:05:00.560200-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:05:00.849160-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 12:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10617056,
"ParentPID": 6684890,
"Thread": 43253923,
"EventTime": "2021-09-06T13:05:00.560200-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:05:00.849836-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10617056,
"ParentPID": 6684890,
"Thread": 43253923,
"EventTime": "2021-09-06T13:05:00.560200-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:05:00.850498-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10617058,
"ParentPID": 5439688,
"Thread": 44564659,
"EventTime": "2021-09-06T13:05:11.481457-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:05:11.678669-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8912920.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8912920,
"ParentPID": 10617058,
"Thread": 47448085,
"EventTime": "2021-09-06T13:05:11.614368-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:05:11.679366-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8912920",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9830444,
"ParentPID": 8912920,
"Thread": 30539871,
"EventTime": "2021-09-06T13:05:11.644342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:05:11.680029-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9830444,
"ParentPID": 8912920,
"Thread": 30539871,
"EventTime": "2021-09-06T13:05:11.651828-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:05:11.680674-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830448aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830448,
"ParentPID": 8912920,
"Thread": 30539875,
"EventTime": "2021-09-06T13:05:11.664397-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:05:11.681315-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830448aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830448,
"ParentPID": 8912920,
"Thread": 30539875,
"EventTime": "2021-09-06T13:05:11.664397-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:05:11.681961-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830448aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830448,
"ParentPID": 8912920,
"Thread": 30539875,
"EventTime": "2021-09-06T13:05:11.664397-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:05:11.682600-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8912920/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9830450,
"ParentPID": 8912920,
"Thread": 30539877,
"EventTime": "2021-09-06T13:05:11.681837-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:05:11.983426-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8912920",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9830452,
"ParentPID": 8912920,
"Thread": 30539879,
"EventTime": "2021-09-06T13:05:11.684340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:05:11.984177-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8912922,
"ParentPID": 10617058,
"Thread": 47448087,
"EventTime": "2021-09-06T13:05:11.684340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:05:11.984883-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912922,
"ParentPID": 10617058,
"Thread": 47448087,
"EventTime": "2021-09-06T13:05:11.684340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:05:11.985592-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10617060,
"ParentPID": 5439688,
"Thread": 42991723,
"EventTime": "2021-09-06T13:08:17.808340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:17.967725-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10617062,
"ParentPID": 5439688,
"Thread": 42991725,
"EventTime": "2021-09-06T13:08:18.072434-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:18.269514-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8912924.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8912924,
"ParentPID": 10617062,
"Thread": 23855339,
"EventTime": "2021-09-06T13:08:18.208522-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:18.270202-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8912924",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9830468,
"ParentPID": 8912924,
"Thread": 39256115,
"EventTime": "2021-09-06T13:08:18.248365-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:18.270866-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9830468,
"ParentPID": 8912924,
"Thread": 39256115,
"EventTime": "2021-09-06T13:08:18.255656-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:18.271514-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830472aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830472,
"ParentPID": 8912924,
"Thread": 39256119,
"EventTime": "2021-09-06T13:08:18.263109-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:18.272154-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830472aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830472,
"ParentPID": 8912924,
"Thread": 39256119,
"EventTime": "2021-09-06T13:08:18.265658-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:18.272797-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830472aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830472,
"ParentPID": 8912924,
"Thread": 39256119,
"EventTime": "2021-09-06T13:08:18.268426-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:18.574678-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8912924/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9830478,
"ParentPID": 8912924,
"Thread": 39256125,
"EventTime": "2021-09-06T13:08:18.278340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:18.575421-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8912924",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9830480,
"ParentPID": 8912924,
"Thread": 39256127,
"EventTime": "2021-09-06T13:08:18.285700-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:18.576084-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8912926,
"ParentPID": 10617062,
"Thread": 23855341,
"EventTime": "2021-09-06T13:08:18.288340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:18.576742-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912926,
"ParentPID": 10617062,
"Thread": 23855341,
"EventTime": "2021-09-06T13:08:18.288340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:18.577392-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10617064,
"ParentPID": 5439688,
"Thread": 42991727,
"EventTime": "2021-09-06T13:08:18.698340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:18.879125-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8912928.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8912928,
"ParentPID": 10617064,
"Thread": 23855343,
"EventTime": "2021-09-06T13:08:18.838385-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:18.879865-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8912928",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9830496,
"ParentPID": 8912928,
"Thread": 39256143,
"EventTime": "2021-09-06T13:08:18.869077-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:18.880536-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9830496,
"ParentPID": 8912928,
"Thread": 39256143,
"EventTime": "2021-09-06T13:08:18.877256-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:18.881186-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830500aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830500,
"ParentPID": 8912928,
"Thread": 39256147,
"EventTime": "2021-09-06T13:08:18.888340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:19.188984-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830500aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830500,
"ParentPID": 8912928,
"Thread": 39256147,
"EventTime": "2021-09-06T13:08:18.888340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:19.189833-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830500aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830500,
"ParentPID": 8912928,
"Thread": 39256147,
"EventTime": "2021-09-06T13:08:18.888340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:19.190516-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8912928/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9830506,
"ParentPID": 8912928,
"Thread": 39256153,
"EventTime": "2021-09-06T13:08:18.900660-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:19.191174-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8912928",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9830508,
"ParentPID": 8912928,
"Thread": 39256155,
"EventTime": "2021-09-06T13:08:18.903639-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:19.191824-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8912930,
"ParentPID": 10617064,
"Thread": 23855345,
"EventTime": "2021-09-06T13:08:18.908725-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:19.192469-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912930,
"ParentPID": 10617064,
"Thread": 23855345,
"EventTime": "2021-09-06T13:08:18.908725-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:19.204159-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10617066,
"ParentPID": 5439688,
"Thread": 42991729,
"EventTime": "2021-09-06T13:08:20.080531-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:20.111316-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8912932.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8912932,
"ParentPID": 10617066,
"Thread": 23855347,
"EventTime": "2021-09-06T13:08:20.218340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:20.419191-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10551492",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9961606,
"ParentPID": 10551492,
"Thread": 39321639,
"EventTime": "2021-09-06T13:08:20.240856-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:20.419773-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8912932",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961614,
"ParentPID": 8912932,
"Thread": 39321647,
"EventTime": "2021-09-06T13:08:20.263157-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:20.420445-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961614,
"ParentPID": 8912932,
"Thread": 39321647,
"EventTime": "2021-09-06T13:08:20.270870-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:20.421105-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961618aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961618,
"ParentPID": 8912932,
"Thread": 39321651,
"EventTime": "2021-09-06T13:08:20.280874-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:20.421762-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961618aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961618,
"ParentPID": 8912932,
"Thread": 39321651,
"EventTime": "2021-09-06T13:08:20.280874-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:20.422412-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961618aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961618,
"ParentPID": 8912932,
"Thread": 39321651,
"EventTime": "2021-09-06T13:08:20.280874-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:20.423057-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8912932/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961620,
"ParentPID": 8912932,
"Thread": 39321653,
"EventTime": "2021-09-06T13:08:20.290876-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:20.423701-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8912932",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961622,
"ParentPID": 8912932,
"Thread": 39321655,
"EventTime": "2021-09-06T13:08:20.298372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:20.424344-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8912934,
"ParentPID": 10617066,
"Thread": 23855349,
"EventTime": "2021-09-06T13:08:20.300880-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:20.424990-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912934,
"ParentPID": 10617066,
"Thread": 23855349,
"EventTime": "2021-09-06T13:08:20.300880-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:20.425630-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10617068,
"ParentPID": 5439688,
"Thread": 42991731,
"EventTime": "2021-09-06T13:08:31.214990-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:31.262404-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10617070,
"ParentPID": 5439688,
"Thread": 42991733,
"EventTime": "2021-09-06T13:08:32.615285-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:32.769548-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10617072,
"ParentPID": 5439688,
"Thread": 42991735,
"EventTime": "2021-09-06T13:08:34.005880-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:34.279276-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10617074,
"ParentPID": 5439688,
"Thread": 42991737,
"EventTime": "2021-09-06T13:08:35.387340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:35.483764-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8912936.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8912936,
"ParentPID": 10617074,
"Thread": 23855351,
"EventTime": "2021-09-06T13:08:35.518669-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:35.788152-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8912936",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961638,
"ParentPID": 8912936,
"Thread": 39321671,
"EventTime": "2021-09-06T13:08:35.547346-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:35.788900-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961638,
"ParentPID": 8912936,
"Thread": 39321671,
"EventTime": "2021-09-06T13:08:35.557341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:35.789566-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961642aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961642,
"ParentPID": 8912936,
"Thread": 39321675,
"EventTime": "2021-09-06T13:08:35.567340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:35.790215-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961642aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961642,
"ParentPID": 8912936,
"Thread": 39321675,
"EventTime": "2021-09-06T13:08:35.567340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:35.790862-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961642aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961642,
"ParentPID": 8912936,
"Thread": 39321675,
"EventTime": "2021-09-06T13:08:35.567340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:35.791504-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8912936/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961648,
"ParentPID": 8912936,
"Thread": 39321681,
"EventTime": "2021-09-06T13:08:35.579160-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:35.792144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8912936",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961650,
"ParentPID": 8912936,
"Thread": 39321683,
"EventTime": "2021-09-06T13:08:35.583044-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:35.792782-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8912938,
"ParentPID": 10617074,
"Thread": 23855353,
"EventTime": "2021-09-06T13:08:35.587341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:35.793423-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912938,
"ParentPID": 10617074,
"Thread": 23855353,
"EventTime": "2021-09-06T13:08:35.587341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:35.794073-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10617076,
"ParentPID": 5439688,
"Thread": 42991739,
"EventTime": "2021-09-06T13:08:36.847340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:37.000011-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8912940.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8912940,
"ParentPID": 10617076,
"Thread": 23855355,
"EventTime": "2021-09-06T13:08:36.980288-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:37.000720-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8912940",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961666,
"ParentPID": 8912940,
"Thread": 39321699,
"EventTime": "2021-09-06T13:08:37.007340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:37.308205-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961666,
"ParentPID": 8912940,
"Thread": 39321699,
"EventTime": "2021-09-06T13:08:37.019202-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:37.308965-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961670aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961670,
"ParentPID": 8912940,
"Thread": 39321703,
"EventTime": "2021-09-06T13:08:37.029860-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:37.309632-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961670aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961670,
"ParentPID": 8912940,
"Thread": 39321703,
"EventTime": "2021-09-06T13:08:37.029860-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:37.310286-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961670aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961670,
"ParentPID": 8912940,
"Thread": 39321703,
"EventTime": "2021-09-06T13:08:37.037342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:37.310938-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8912940/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961672,
"ParentPID": 8912940,
"Thread": 39321705,
"EventTime": "2021-09-06T13:08:37.047371-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:37.311587-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8912940",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961674,
"ParentPID": 8912940,
"Thread": 39321707,
"EventTime": "2021-09-06T13:08:37.047371-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:37.312230-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8912942,
"ParentPID": 10617076,
"Thread": 23855357,
"EventTime": "2021-09-06T13:08:37.047371-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:37.312876-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912942,
"ParentPID": 10617076,
"Thread": 23855357,
"EventTime": "2021-09-06T13:08:37.057072-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:37.313518-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10617078,
"ParentPID": 5439688,
"Thread": 42991741,
"EventTime": "2021-09-06T13:08:38.317340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:38.521483-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10617080,
"ParentPID": 5439688,
"Thread": 42991743,
"EventTime": "2021-09-06T13:08:52.057340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:52.347834-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8912944.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8912944,
"ParentPID": 10617080,
"Thread": 23855359,
"EventTime": "2021-09-06T13:08:52.187340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:52.348586-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8912944",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961690,
"ParentPID": 8912944,
"Thread": 39321723,
"EventTime": "2021-09-06T13:08:52.219394-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:52.349247-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961690,
"ParentPID": 8912944,
"Thread": 39321723,
"EventTime": "2021-09-06T13:08:52.226427-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:52.349904-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961694aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961694,
"ParentPID": 8912944,
"Thread": 39321727,
"EventTime": "2021-09-06T13:08:52.229398-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:52.350552-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961694aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961694,
"ParentPID": 8912944,
"Thread": 39321727,
"EventTime": "2021-09-06T13:08:52.229398-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:52.351189-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961694aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961694,
"ParentPID": 8912944,
"Thread": 39321727,
"EventTime": "2021-09-06T13:08:52.239400-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:52.351825-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8912944/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961696,
"ParentPID": 8912944,
"Thread": 39321729,
"EventTime": "2021-09-06T13:08:52.249403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:52.352461-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8912944",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961698,
"ParentPID": 8912944,
"Thread": 39321731,
"EventTime": "2021-09-06T13:08:52.249403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:52.353097-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8912946,
"ParentPID": 10617080,
"Thread": 23855105,
"EventTime": "2021-09-06T13:08:52.249403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:52.353732-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912946,
"ParentPID": 10617080,
"Thread": 23855105,
"EventTime": "2021-09-06T13:08:52.249403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:08:52.354370-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10617082,
"ParentPID": 6684890,
"Thread": 37355731,
"EventTime": "2021-09-06T13:10:00.568328-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:10:00.864700-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10617082,
"ParentPID": 6684890,
"Thread": 37355731,
"EventTime": "2021-09-06T13:10:00.568328-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:10:00.865466-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 12:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10617082,
"ParentPID": 6684890,
"Thread": 37355731,
"EventTime": "2021-09-06T13:10:00.568328-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:10:00.866149-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10617082,
"ParentPID": 6684890,
"Thread": 37355731,
"EventTime": "2021-09-06T13:10:00.568328-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:10:00.866811-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10616836,
"ParentPID": 6684890,
"Thread": 43188423,
"EventTime": "2021-09-06T13:15:00.578744-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:15:00.813960-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10616836,
"ParentPID": 6684890,
"Thread": 43188423,
"EventTime": "2021-09-06T13:15:00.578744-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:15:00.814710-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 12:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10616836,
"ParentPID": 6684890,
"Thread": 43188423,
"EventTime": "2021-09-06T13:15:00.578744-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:15:00.815441-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10616836,
"ParentPID": 6684890,
"Thread": 43188423,
"EventTime": "2021-09-06T13:15:00.578744-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:15:00.816106-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961720gaCaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961720,
"ParentPID": 8912964,
"Thread": 40828987,
"EventTime": "2021-09-06T13:18:32.867807-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:18:32.996323-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8912972,
"ParentPID": 10616838,
"Thread": 46792719,
"EventTime": "2021-09-06T13:18:32.879856-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:18:32.997023-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8912972,
"ParentPID": 10616838,
"Thread": 46792719,
"EventTime": "2021-09-06T13:18:32.887812-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:18:32.997741-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961488gICaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961488,
"ParentPID": 8912974,
"Thread": 40829011,
"EventTime": "2021-09-06T13:18:32.985836-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:18:32.998457-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10616840,
"ParentPID": 6684890,
"Thread": 29950129,
"EventTime": "2021-09-06T13:20:00.581608-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:20:00.742824-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10616840,
"ParentPID": 6684890,
"Thread": 29950129,
"EventTime": "2021-09-06T13:20:00.581608-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:20:00.743576-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 12:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10616840,
"ParentPID": 6684890,
"Thread": 29950129,
"EventTime": "2021-09-06T13:20:00.591611-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:20:00.744244-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10616840,
"ParentPID": 6684890,
"Thread": 29950129,
"EventTime": "2021-09-06T13:20:00.591611-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:20:00.744944-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10551312",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9830544,
"ParentPID": 10551312,
"Thread": 43188439,
"EventTime": "2021-09-06T13:20:00.604445-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:20:00.745481-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10616842,
"ParentPID": 6684890,
"Thread": 28836051,
"EventTime": "2021-09-06T13:25:00.605366-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:25:00.666331-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10616842,
"ParentPID": 6684890,
"Thread": 28836051,
"EventTime": "2021-09-06T13:25:00.605366-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:25:00.667093-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 12:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10616842,
"ParentPID": 6684890,
"Thread": 28836051,
"EventTime": "2021-09-06T13:25:00.614340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:25:00.667769-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10616842,
"ParentPID": 6684890,
"Thread": 28836051,
"EventTime": "2021-09-06T13:25:00.615384-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:25:00.668429-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10616844,
"ParentPID": 6684890,
"Thread": 36962501,
"EventTime": "2021-09-06T13:30:00.613715-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:30:00.854309-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10616844,
"ParentPID": 6684890,
"Thread": 36962501,
"EventTime": "2021-09-06T13:30:00.613715-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:30:00.855214-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 12:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10616844,
"ParentPID": 6684890,
"Thread": 36962501,
"EventTime": "2021-09-06T13:30:00.623342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:30:00.855916-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10616844,
"ParentPID": 6684890,
"Thread": 36962501,
"EventTime": "2021-09-06T13:30:00.623718-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:30:00.856591-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-06T13:33:13.577512-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:33:13.774388-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830566aIB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830566,
"ParentPID": 10551324,
"Thread": 36044807,
"EventTime": "2021-09-06T13:33:33.110195-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:33:33.317220-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551332,
"ParentPID": 10616854,
"Thread": 33030297,
"EventTime": "2021-09-06T13:33:33.126340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:33:33.317973-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551332,
"ParentPID": 10616854,
"Thread": 33030297,
"EventTime": "2021-09-06T13:33:33.133397-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:33:33.318641-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830590b3B7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830590,
"ParentPID": 10551334,
"Thread": 36044831,
"EventTime": "2021-09-06T13:33:33.226340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:33:33.319298-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10616856,
"ParentPID": 6684890,
"Thread": 44826835,
"EventTime": "2021-09-06T13:35:00.631538-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:35:00.759271-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10616856,
"ParentPID": 6684890,
"Thread": 44826835,
"EventTime": "2021-09-06T13:35:00.631538-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:35:00.760042-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 12:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10616856,
"ParentPID": 6684890,
"Thread": 44826835,
"EventTime": "2021-09-06T13:35:00.631538-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:35:00.760731-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10616856,
"ParentPID": 6684890,
"Thread": 44826835,
"EventTime": "2021-09-06T13:35:00.631538-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:35:00.761404-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10616858,
"ParentPID": 5439688,
"Thread": 28573789,
"EventTime": "2021-09-06T13:39:14.165340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:39:14.406230-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10616860,
"ParentPID": 6684890,
"Thread": 44826851,
"EventTime": "2021-09-06T13:40:00.642357-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:40:00.666520-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10616860,
"ParentPID": 6684890,
"Thread": 44826851,
"EventTime": "2021-09-06T13:40:00.642357-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:40:00.667292-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 12:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10616860,
"ParentPID": 6684890,
"Thread": 44826851,
"EventTime": "2021-09-06T13:40:00.643340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:40:00.667977-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10616860,
"ParentPID": 6684890,
"Thread": 44826851,
"EventTime": "2021-09-06T13:40:00.643340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:40:00.668646-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10616862,
"ParentPID": 6684890,
"Thread": 30670907,
"EventTime": "2021-09-06T13:45:00.643374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:45:00.929563-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10616862,
"ParentPID": 6684890,
"Thread": 30670907,
"EventTime": "2021-09-06T13:45:00.643374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:45:00.930290-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 12:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10616862,
"ParentPID": 6684890,
"Thread": 30670907,
"EventTime": "2021-09-06T13:45:00.653377-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:45:00.930972-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10616862,
"ParentPID": 6684890,
"Thread": 30670907,
"EventTime": "2021-09-06T13:45:00.653377-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:45:00.931638-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830612XyB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830612,
"ParentPID": 10551344,
"Thread": 38928501,
"EventTime": "2021-09-06T13:48:33.346340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:48:33.365482-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551352,
"ParentPID": 10616864,
"Thread": 31326311,
"EventTime": "2021-09-06T13:48:33.366428-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:48:33.666648-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551352,
"ParentPID": 10616864,
"Thread": 31326311,
"EventTime": "2021-09-06T13:48:33.376340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:48:33.667418-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830636YiB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830636,
"ParentPID": 10551354,
"Thread": 38928525,
"EventTime": "2021-09-06T13:48:33.466341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:48:33.668089-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551356,
"ParentPID": 6684890,
"Thread": 44826865,
"EventTime": "2021-09-06T13:50:00.659764-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:50:00.810859-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551356,
"ParentPID": 6684890,
"Thread": 44826865,
"EventTime": "2021-09-06T13:50:00.659764-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:50:00.811587-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 12:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551356,
"ParentPID": 6684890,
"Thread": 44826865,
"EventTime": "2021-09-06T13:50:00.663340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:50:00.812342-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551356,
"ParentPID": 6684890,
"Thread": 44826865,
"EventTime": "2021-09-06T13:50:00.663340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:50:00.813012-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551358,
"ParentPID": 6684890,
"Thread": 44826877,
"EventTime": "2021-09-06T13:55:00.663341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:55:00.784267-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551358,
"ParentPID": 6684890,
"Thread": 44826877,
"EventTime": "2021-09-06T13:55:00.672495-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:55:00.785119-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 12:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551358,
"ParentPID": 6684890,
"Thread": 44826877,
"EventTime": "2021-09-06T13:55:00.673340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:55:00.785820-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551358,
"ParentPID": 6684890,
"Thread": 44826877,
"EventTime": "2021-09-06T13:55:00.673340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T13:55:00.786492-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551364,
"ParentPID": 6684890,
"Thread": 34603029,
"EventTime": "2021-09-06T14:00:00.678522-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:00:00.880063-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551364,
"ParentPID": 6684890,
"Thread": 34603029,
"EventTime": "2021-09-06T14:00:00.678522-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:00:00.880786-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 13:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551364,
"ParentPID": 6684890,
"Thread": 34603029,
"EventTime": "2021-09-06T14:00:00.682340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:00:00.881475-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551364,
"ParentPID": 6684890,
"Thread": 34603029,
"EventTime": "2021-09-06T14:00:00.682340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:00:00.882144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551370,
"ParentPID": 5439688,
"Thread": 45678809,
"EventTime": "2021-09-06T14:01:55.230776-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:01:55.370989-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551372,
"ParentPID": 5439688,
"Thread": 45678811,
"EventTime": "2021-09-06T14:01:55.501547-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:01:55.672907-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551374,
"ParentPID": 5439688,
"Thread": 45678813,
"EventTime": "2021-09-06T14:01:55.772297-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:01:55.980196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551376,
"ParentPID": 5439688,
"Thread": 45678815,
"EventTime": "2021-09-06T14:01:55.902626-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:01:55.980968-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551378,
"ParentPID": 5439688,
"Thread": 45678817,
"EventTime": "2021-09-06T14:01:56.173340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:01:56.284532-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551380,
"ParentPID": 5439688,
"Thread": 45678819,
"EventTime": "2021-09-06T14:01:56.444135-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:01:56.595368-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551382,
"ParentPID": 5439688,
"Thread": 45678821,
"EventTime": "2021-09-06T14:01:56.706194-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:01:56.896253-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551384,
"ParentPID": 5439688,
"Thread": 45678823,
"EventTime": "2021-09-06T14:01:56.973756-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:01:57.207117-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551386,
"ParentPID": 5439688,
"Thread": 45678825,
"EventTime": "2021-09-06T14:01:57.226354-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:01:57.510180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551388,
"ParentPID": 5439688,
"Thread": 45678827,
"EventTime": "2021-09-06T14:01:57.490706-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:01:57.510948-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010813452SiFqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10813452,
"ParentPID": 9830650,
"Thread": 44957815,
"EventTime": "2021-09-06T14:03:33.595340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:03:33.714041-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9830402,
"ParentPID": 10551392,
"Thread": 45613085,
"EventTime": "2021-09-06T14:03:33.615340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:03:33.714757-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9830402,
"ParentPID": 10551392,
"Thread": 45613085,
"EventTime": "2021-09-06T14:03:33.615340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:03:33.715460-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11469042",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10813456,
"ParentPID": 11469042,
"Thread": 44957819,
"EventTime": "2021-09-06T14:03:33.645341-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:03:33.715956-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011534582SQIaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11534582,
"ParentPID": 10158178,
"Thread": 43909347,
"EventTime": "2021-09-06T14:03:33.705344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:03:33.716666-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11534584,
"ParentPID": 5439688,
"Thread": 34603041,
"EventTime": "2021-09-06T14:04:23.553393-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:04:23.592892-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8913022.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8913022,
"ParentPID": 11534584,
"Thread": 47579175,
"EventTime": "2021-09-06T14:04:23.683753-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:04:23.895007-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8913022",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551408,
"ParentPID": 8913022,
"Thread": 27656377,
"EventTime": "2021-09-06T14:04:23.714340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:04:23.895771-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551408,
"ParentPID": 8913022,
"Thread": 27656377,
"EventTime": "2021-09-06T14:04:23.724340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:04:23.896450-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551412aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551412,
"ParentPID": 8913022,
"Thread": 27656381,
"EventTime": "2021-09-06T14:04:23.734349-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:04:23.897102-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551412aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551412,
"ParentPID": 8913022,
"Thread": 27656381,
"EventTime": "2021-09-06T14:04:23.734349-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:04:23.897752-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551412aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551412,
"ParentPID": 8913022,
"Thread": 27656381,
"EventTime": "2021-09-06T14:04:23.734349-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:04:23.898398-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8913022/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551418,
"ParentPID": 8913022,
"Thread": 27656387,
"EventTime": "2021-09-06T14:04:23.744419-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:04:23.899042-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8913022",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551420,
"ParentPID": 8913022,
"Thread": 27656389,
"EventTime": "2021-09-06T14:04:23.744419-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:04:23.899685-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8913024,
"ParentPID": 11534584,
"Thread": 47579177,
"EventTime": "2021-09-06T14:04:23.754341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:04:23.900324-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913024,
"ParentPID": 11534584,
"Thread": 47579177,
"EventTime": "2021-09-06T14:04:23.754341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:04:23.900962-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11534586,
"ParentPID": 6684890,
"Thread": 34603043,
"EventTime": "2021-09-06T14:05:00.688251-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:05:00.870107-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11534586,
"ParentPID": 6684890,
"Thread": 34603043,
"EventTime": "2021-09-06T14:05:00.688251-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:05:00.870823-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 13:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11534586,
"ParentPID": 6684890,
"Thread": 34603043,
"EventTime": "2021-09-06T14:05:00.688251-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:05:00.871508-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11534586,
"ParentPID": 6684890,
"Thread": 34603043,
"EventTime": "2021-09-06T14:05:00.688251-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:05:00.872169-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11534588,
"ParentPID": 5439688,
"Thread": 34603051,
"EventTime": "2021-09-06T14:06:10.983741-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:11.200861-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11534590,
"ParentPID": 5439688,
"Thread": 34603053,
"EventTime": "2021-09-06T14:06:11.600595-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:11.806782-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8913026.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8913026,
"ParentPID": 11534590,
"Thread": 47775849,
"EventTime": "2021-09-06T14:06:11.730340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:11.807490-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8913026",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551436,
"ParentPID": 8913026,
"Thread": 27656405,
"EventTime": "2021-09-06T14:06:11.765856-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:11.808159-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551436,
"ParentPID": 8913026,
"Thread": 27656405,
"EventTime": "2021-09-06T14:06:11.770340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:11.808809-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551440aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551440,
"ParentPID": 8913026,
"Thread": 27656409,
"EventTime": "2021-09-06T14:06:11.780340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:11.809457-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551440aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551440,
"ParentPID": 8913026,
"Thread": 27656409,
"EventTime": "2021-09-06T14:06:11.780340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:11.810097-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551440aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551440,
"ParentPID": 8913026,
"Thread": 27656409,
"EventTime": "2021-09-06T14:06:11.785863-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:11.810772-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8913026/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551446,
"ParentPID": 8913026,
"Thread": 27656415,
"EventTime": "2021-09-06T14:06:11.795866-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:11.811468-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8913026",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551448,
"ParentPID": 8913026,
"Thread": 27656417,
"EventTime": "2021-09-06T14:06:11.795866-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:11.812111-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8913028,
"ParentPID": 11534590,
"Thread": 47775851,
"EventTime": "2021-09-06T14:06:11.800403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:11.812763-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913028,
"ParentPID": 11534590,
"Thread": 47775851,
"EventTime": "2021-09-06T14:06:11.800403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:11.813398-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11534336,
"ParentPID": 5439688,
"Thread": 34603055,
"EventTime": "2021-09-06T14:06:12.191220-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:12.418204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8913030.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8913030,
"ParentPID": 11534336,
"Thread": 47775853,
"EventTime": "2021-09-06T14:06:12.320340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:12.418970-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8913030",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551464,
"ParentPID": 8913030,
"Thread": 27656433,
"EventTime": "2021-09-06T14:06:12.354881-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:12.419643-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551464,
"ParentPID": 8913030,
"Thread": 27656433,
"EventTime": "2021-09-06T14:06:12.360340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:12.420302-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551468aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551468,
"ParentPID": 8913030,
"Thread": 27656437,
"EventTime": "2021-09-06T14:06:12.370340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:12.420998-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551468aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551468,
"ParentPID": 8913030,
"Thread": 27656437,
"EventTime": "2021-09-06T14:06:12.370340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:12.421708-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551468aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551468,
"ParentPID": 8913030,
"Thread": 27656437,
"EventTime": "2021-09-06T14:06:12.370340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:12.422355-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8913030/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551470,
"ParentPID": 8913030,
"Thread": 27656439,
"EventTime": "2021-09-06T14:06:12.380340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:12.423002-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8913030",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551472,
"ParentPID": 8913030,
"Thread": 27656441,
"EventTime": "2021-09-06T14:06:12.387269-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:12.423648-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8913032,
"ParentPID": 11534336,
"Thread": 47775855,
"EventTime": "2021-09-06T14:06:12.390340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:12.424291-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913032,
"ParentPID": 11534336,
"Thread": 47775855,
"EventTime": "2021-09-06T14:06:12.390340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:12.424934-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11534338,
"ParentPID": 5439688,
"Thread": 34603057,
"EventTime": "2021-09-06T14:06:13.650606-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:13.931205-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8913034.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8913034,
"ParentPID": 11534338,
"Thread": 47775857,
"EventTime": "2021-09-06T14:06:13.780926-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:13.932061-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8913034",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551488,
"ParentPID": 8913034,
"Thread": 27656201,
"EventTime": "2021-09-06T14:06:13.810936-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:13.932735-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551488,
"ParentPID": 8913034,
"Thread": 27656201,
"EventTime": "2021-09-06T14:06:13.820955-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:13.933393-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551492aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551492,
"ParentPID": 8913034,
"Thread": 27656205,
"EventTime": "2021-09-06T14:06:13.830958-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:13.934045-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551492aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551492,
"ParentPID": 8913034,
"Thread": 27656205,
"EventTime": "2021-09-06T14:06:13.834982-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:13.934688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551492aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551492,
"ParentPID": 8913034,
"Thread": 27656205,
"EventTime": "2021-09-06T14:06:13.834982-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:13.935330-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8913034/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551494,
"ParentPID": 8913034,
"Thread": 27656207,
"EventTime": "2021-09-06T14:06:13.840961-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:13.935969-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8913034",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551496,
"ParentPID": 8913034,
"Thread": 27656209,
"EventTime": "2021-09-06T14:06:13.850964-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:13.936607-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8913036,
"ParentPID": 11534338,
"Thread": 47775859,
"EventTime": "2021-09-06T14:06:13.850964-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:13.937244-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913036,
"ParentPID": 11534338,
"Thread": 47775859,
"EventTime": "2021-09-06T14:06:13.850964-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:13.937885-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11534340,
"ParentPID": 5439688,
"Thread": 34603059,
"EventTime": "2021-09-06T14:06:25.099340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:25.373509-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11534342,
"ParentPID": 5439688,
"Thread": 34603061,
"EventTime": "2021-09-06T14:06:26.479340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:26.587010-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11534344,
"ParentPID": 5439688,
"Thread": 34603063,
"EventTime": "2021-09-06T14:06:27.862236-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:28.101447-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11534346,
"ParentPID": 5439688,
"Thread": 34603065,
"EventTime": "2021-09-06T14:06:29.243866-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:29.314917-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8913038.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8913038,
"ParentPID": 11534346,
"Thread": 47775861,
"EventTime": "2021-09-06T14:06:29.374220-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:29.620200-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8913038",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551512,
"ParentPID": 8913038,
"Thread": 27656225,
"EventTime": "2021-09-06T14:06:29.404229-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:29.620984-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551512,
"ParentPID": 8913038,
"Thread": 27656225,
"EventTime": "2021-09-06T14:06:29.414268-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:29.621656-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551516aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551516,
"ParentPID": 8913038,
"Thread": 27656229,
"EventTime": "2021-09-06T14:06:29.424271-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:29.622312-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551516aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551516,
"ParentPID": 8913038,
"Thread": 27656229,
"EventTime": "2021-09-06T14:06:29.425401-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:29.622963-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551516aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551516,
"ParentPID": 8913038,
"Thread": 27656229,
"EventTime": "2021-09-06T14:06:29.425401-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:29.623605-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8913038/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551518,
"ParentPID": 8913038,
"Thread": 27656231,
"EventTime": "2021-09-06T14:06:29.434275-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:29.624243-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8913038",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551520,
"ParentPID": 8913038,
"Thread": 27656233,
"EventTime": "2021-09-06T14:06:29.439341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:29.624894-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8913040,
"ParentPID": 11534346,
"Thread": 47775863,
"EventTime": "2021-09-06T14:06:29.454282-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:29.625538-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913040,
"ParentPID": 11534346,
"Thread": 47775863,
"EventTime": "2021-09-06T14:06:29.454282-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:29.626176-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10551522",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10158246,
"ParentPID": 10551522,
"Thread": 39190697,
"EventTime": "2021-09-06T14:06:29.454282-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:29.626649-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11534348,
"ParentPID": 5439688,
"Thread": 34603067,
"EventTime": "2021-09-06T14:06:30.717238-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:30.828651-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8913042.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8913042,
"ParentPID": 11534348,
"Thread": 47775865,
"EventTime": "2021-09-06T14:06:30.848326-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:31.129916-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8913042",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551538,
"ParentPID": 8913042,
"Thread": 27656251,
"EventTime": "2021-09-06T14:06:30.879340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:31.130698-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551538,
"ParentPID": 8913042,
"Thread": 27656251,
"EventTime": "2021-09-06T14:06:30.889368-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:31.131377-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551542aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551542,
"ParentPID": 8913042,
"Thread": 27656255,
"EventTime": "2021-09-06T14:06:30.899367-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:31.132041-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551542aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551542,
"ParentPID": 8913042,
"Thread": 27656255,
"EventTime": "2021-09-06T14:06:30.899367-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:31.132695-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551542aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551542,
"ParentPID": 8913042,
"Thread": 27656255,
"EventTime": "2021-09-06T14:06:30.899367-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:31.133350-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8913042/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551544,
"ParentPID": 8913042,
"Thread": 27656257,
"EventTime": "2021-09-06T14:06:30.909340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:31.133999-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8913042",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551546,
"ParentPID": 8913042,
"Thread": 27656259,
"EventTime": "2021-09-06T14:06:30.919362-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:31.134646-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8913044,
"ParentPID": 11534348,
"Thread": 47775867,
"EventTime": "2021-09-06T14:06:30.919362-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:31.135291-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913044,
"ParentPID": 11534348,
"Thread": 47775867,
"EventTime": "2021-09-06T14:06:30.919362-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:31.135937-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11534350,
"ParentPID": 5439688,
"Thread": 34603069,
"EventTime": "2021-09-06T14:06:32.182114-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:06:32.343439-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11534352,
"ParentPID": 6684890,
"Thread": 39190715,
"EventTime": "2021-09-06T14:10:00.697511-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:10:00.884241-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11534352,
"ParentPID": 6684890,
"Thread": 39190715,
"EventTime": "2021-09-06T14:10:00.697511-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:10:00.885022-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 13:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11534352,
"ParentPID": 6684890,
"Thread": 39190715,
"EventTime": "2021-09-06T14:10:00.702340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:10:00.885699-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11534352,
"ParentPID": 6684890,
"Thread": 39190715,
"EventTime": "2021-09-06T14:10:00.702340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:10:00.886365-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11534354,
"ParentPID": 6684890,
"Thread": 33947885,
"EventTime": "2021-09-06T14:15:00.702342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:15:00.872776-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11534354,
"ParentPID": 6684890,
"Thread": 33947885,
"EventTime": "2021-09-06T14:15:00.711412-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:15:00.873562-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 13:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11534354,
"ParentPID": 6684890,
"Thread": 33947885,
"EventTime": "2021-09-06T14:15:00.711412-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:15:00.874251-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11534354,
"ParentPID": 6684890,
"Thread": 33947885,
"EventTime": "2021-09-06T14:15:00.712340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:15:00.874913-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551312MMEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551312,
"ParentPID": 8913054,
"Thread": 40566917,
"EventTime": "2021-09-06T14:18:33.835341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:18:33.917180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8913062,
"ParentPID": 11534356,
"Thread": 31195197,
"EventTime": "2021-09-06T14:18:33.853632-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:18:33.917896-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8913062,
"ParentPID": 11534356,
"Thread": 31195197,
"EventTime": "2021-09-06T14:18:33.858614-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:18:33.918567-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551336NAEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551336,
"ParentPID": 8913064,
"Thread": 40566941,
"EventTime": "2021-09-06T14:18:33.955340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:18:34.223082-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913066,
"ParentPID": 6684890,
"Thread": 40304721,
"EventTime": "2021-09-06T14:20:00.712834-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:20:00.785119-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913066,
"ParentPID": 6684890,
"Thread": 40304721,
"EventTime": "2021-09-06T14:20:00.712834-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:20:00.785898-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 13:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913066,
"ParentPID": 6684890,
"Thread": 40304721,
"EventTime": "2021-09-06T14:20:00.722421-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:20:00.786585-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913066,
"ParentPID": 6684890,
"Thread": 40304721,
"EventTime": "2021-09-06T14:20:00.722836-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:20:00.787251-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913068,
"ParentPID": 5439688,
"Thread": 31195207,
"EventTime": "2021-09-06T14:20:13.691340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:20:13.729580-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10551338.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10551338,
"ParentPID": 8913068,
"Thread": 36765753,
"EventTime": "2021-09-06T14:20:13.821340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:20:14.032205-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10551338",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11534372,
"ParentPID": 10551338,
"Thread": 33947659,
"EventTime": "2021-09-06T14:20:13.854402-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:20:14.032981-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11534372,
"ParentPID": 10551338,
"Thread": 33947659,
"EventTime": "2021-09-06T14:20:13.861365-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:20:14.033652-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11534376aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11534376,
"ParentPID": 10551338,
"Thread": 33947663,
"EventTime": "2021-09-06T14:20:13.868939-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:20:14.034307-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11534376aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11534376,
"ParentPID": 10551338,
"Thread": 33947663,
"EventTime": "2021-09-06T14:20:13.871340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:20:14.034953-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11534376aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11534376,
"ParentPID": 10551338,
"Thread": 33947663,
"EventTime": "2021-09-06T14:20:13.871340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:20:14.035593-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10551338/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11534378,
"ParentPID": 10551338,
"Thread": 33947665,
"EventTime": "2021-09-06T14:20:13.881917-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:20:14.036231-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10551338",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11534380,
"ParentPID": 10551338,
"Thread": 33947667,
"EventTime": "2021-09-06T14:20:13.881917-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:20:14.036869-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10551340,
"ParentPID": 8913068,
"Thread": 36765755,
"EventTime": "2021-09-06T14:20:13.891340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:20:14.037509-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551340,
"ParentPID": 8913068,
"Thread": 36765755,
"EventTime": "2021-09-06T14:20:13.891340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:20:14.038147-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913070,
"ParentPID": 6684890,
"Thread": 36765759,
"EventTime": "2021-09-06T14:25:00.729327-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:25:00.767813-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913070,
"ParentPID": 6684890,
"Thread": 36765759,
"EventTime": "2021-09-06T14:25:00.729327-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:25:00.768591-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 13:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913070,
"ParentPID": 6684890,
"Thread": 36765759,
"EventTime": "2021-09-06T14:25:00.729327-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:25:00.769282-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913070,
"ParentPID": 6684890,
"Thread": 36765759,
"EventTime": "2021-09-06T14:25:00.729327-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:25:00.769952-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913072,
"ParentPID": 6684890,
"Thread": 40304735,
"EventTime": "2021-09-06T14:30:00.734507-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:30:00.976190-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913072,
"ParentPID": 6684890,
"Thread": 40304735,
"EventTime": "2021-09-06T14:30:00.734507-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:30:00.976940-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 13:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913072,
"ParentPID": 6684890,
"Thread": 40304735,
"EventTime": "2021-09-06T14:30:00.734507-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:30:00.977639-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913072,
"ParentPID": 6684890,
"Thread": 40304735,
"EventTime": "2021-09-06T14:30:00.734507-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:30:00.978309-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-06T14:33:13.450118-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:33:13.620196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011534402H7Iaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11534402,
"ParentPID": 10551350,
"Thread": 42205303,
"EventTime": "2021-09-06T14:33:34.076434-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:33:34.367842-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551358,
"ParentPID": 8913076,
"Thread": 37421169,
"EventTime": "2021-09-06T14:33:34.096439-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:33:34.368573-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551358,
"ParentPID": 8913076,
"Thread": 37421169,
"EventTime": "2021-09-06T14:33:34.104340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:33:34.369256-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011534426IqIaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11534426,
"ParentPID": 10551360,
"Thread": 42205327,
"EventTime": "2021-09-06T14:33:34.196471-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:33:34.369917-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551362,
"ParentPID": 6684890,
"Thread": 50790561,
"EventTime": "2021-09-06T14:35:00.747563-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:35:00.918890-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551362,
"ParentPID": 6684890,
"Thread": 50790561,
"EventTime": "2021-09-06T14:35:00.747563-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:35:00.919675-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 13:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551362,
"ParentPID": 6684890,
"Thread": 50790561,
"EventTime": "2021-09-06T14:35:00.751340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:35:00.920359-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551362,
"ParentPID": 6684890,
"Thread": 50790561,
"EventTime": "2021-09-06T14:35:00.751340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:35:00.921027-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10551364",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8913078,
"ParentPID": 10551364,
"Thread": 33161281,
"EventTime": "2021-09-06T14:35:00.771340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:35:00.921548-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551366,
"ParentPID": 6684890,
"Thread": 43843751,
"EventTime": "2021-09-06T14:40:00.751341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:40:00.793178-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551366,
"ParentPID": 6684890,
"Thread": 43843751,
"EventTime": "2021-09-06T14:40:00.751341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:40:00.793967-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 13:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551366,
"ParentPID": 6684890,
"Thread": 43843751,
"EventTime": "2021-09-06T14:40:00.761341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:40:00.794661-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551366,
"ParentPID": 6684890,
"Thread": 43843751,
"EventTime": "2021-09-06T14:40:00.761341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:40:00.795332-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551368,
"ParentPID": 6684890,
"Thread": 50790581,
"EventTime": "2021-09-06T14:45:00.769525-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:45:01.024402-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551368,
"ParentPID": 6684890,
"Thread": 50790581,
"EventTime": "2021-09-06T14:45:00.769525-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:45:01.025197-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 13:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551368,
"ParentPID": 6684890,
"Thread": 50790581,
"EventTime": "2021-09-06T14:45:00.771624-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:45:01.025892-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551368,
"ParentPID": 6684890,
"Thread": 50790581,
"EventTime": "2021-09-06T14:45:00.772774-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:45:01.026565-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011534448CmIaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11534448,
"ParentPID": 8913088,
"Thread": 41484515,
"EventTime": "2021-09-06T14:48:34.324662-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:48:34.356302-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8913096,
"ParentPID": 10551370,
"Thread": 39518239,
"EventTime": "2021-09-06T14:48:34.334666-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:48:34.357036-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8913096,
"ParentPID": 10551370,
"Thread": 39518239,
"EventTime": "2021-09-06T14:48:34.344668-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:48:34.357706-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011534472CYIaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11534472,
"ParentPID": 8913098,
"Thread": 41484539,
"EventTime": "2021-09-06T14:48:34.434700-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:48:34.663432-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11337882,
"ParentPID": 6684890,
"Thread": 29491355,
"EventTime": "2021-09-06T14:50:00.773890-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:50:00.971920-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11337882,
"ParentPID": 6684890,
"Thread": 29491355,
"EventTime": "2021-09-06T14:50:00.773890-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:50:00.972715-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 13:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11337882,
"ParentPID": 6684890,
"Thread": 29491355,
"EventTime": "2021-09-06T14:50:00.773890-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:50:00.973404-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11337882,
"ParentPID": 6684890,
"Thread": 29491355,
"EventTime": "2021-09-06T14:50:00.773890-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:50:00.974069-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11337884,
"ParentPID": 6684890,
"Thread": 42532985,
"EventTime": "2021-09-06T14:55:00.786931-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:55:00.867960-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11337884,
"ParentPID": 6684890,
"Thread": 42532985,
"EventTime": "2021-09-06T14:55:00.786931-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:55:00.868745-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 13:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11337884,
"ParentPID": 6684890,
"Thread": 42532985,
"EventTime": "2021-09-06T14:55:00.786931-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:55:00.869429-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11337884,
"ParentPID": 6684890,
"Thread": 42532985,
"EventTime": "2021-09-06T14:55:00.786931-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T14:55:00.870091-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11337886,
"ParentPID": 6684890,
"Thread": 42533001,
"EventTime": "2021-09-06T15:00:00.796763-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:00:01.098651-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11337886,
"ParentPID": 6684890,
"Thread": 42533001,
"EventTime": "2021-09-06T15:00:00.796763-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:00:01.099393-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 14:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11337886,
"ParentPID": 6684890,
"Thread": 42533001,
"EventTime": "2021-09-06T15:00:00.800340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:00:01.100086-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11337886,
"ParentPID": 6684890,
"Thread": 42533001,
"EventTime": "2021-09-06T15:00:00.800340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:00:01.100797-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830408,
"ParentPID": 5439688,
"Thread": 45744307,
"EventTime": "2021-09-06T15:01:25.698340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:01:25.818966-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830410,
"ParentPID": 5439688,
"Thread": 45744309,
"EventTime": "2021-09-06T15:01:25.964948-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:01:26.126275-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830412,
"ParentPID": 5439688,
"Thread": 45744311,
"EventTime": "2021-09-06T15:01:31.258830-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:01:31.551859-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830414,
"ParentPID": 5439688,
"Thread": 45744313,
"EventTime": "2021-09-06T15:01:32.351925-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:01:32.463111-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830416,
"ParentPID": 5439688,
"Thread": 45744315,
"EventTime": "2021-09-06T15:01:32.621519-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:01:32.766377-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830418,
"ParentPID": 5439688,
"Thread": 45744317,
"EventTime": "2021-09-06T15:01:37.777340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:01:37.888229-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830420,
"ParentPID": 5439688,
"Thread": 45744319,
"EventTime": "2021-09-06T15:01:42.807340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:01:43.013351-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830422,
"ParentPID": 5439688,
"Thread": 45744321,
"EventTime": "2021-09-06T15:01:43.068585-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:01:43.318531-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830424,
"ParentPID": 5439688,
"Thread": 45744323,
"EventTime": "2021-09-06T15:01:43.331355-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:01:43.624937-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830426,
"ParentPID": 5439688,
"Thread": 45744325,
"EventTime": "2021-09-06T15:01:43.594043-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:01:43.625723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00106169867UE7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10616986,
"ParentPID": 11337898,
"Thread": 45613113,
"EventTime": "2021-09-06T15:03:34.563340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:03:34.799921-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11337906,
"ParentPID": 9830430,
"Thread": 46071907,
"EventTime": "2021-09-06T15:03:34.579584-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:03:34.800708-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11337906,
"ParentPID": 9830430,
"Thread": 46071907,
"EventTime": "2021-09-06T15:03:34.583340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:03:34.801383-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00106170108EE7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10617010,
"ParentPID": 11337908,
"Thread": 45613137,
"EventTime": "2021-09-06T15:03:34.679615-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:03:34.802035-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551374,
"ParentPID": 6684890,
"Thread": 46137369,
"EventTime": "2021-09-06T15:05:00.807481-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:05:01.038980-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551374,
"ParentPID": 6684890,
"Thread": 46137369,
"EventTime": "2021-09-06T15:05:00.807481-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:05:01.039766-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 14:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551374,
"ParentPID": 6684890,
"Thread": 46137369,
"EventTime": "2021-09-06T15:05:00.810340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:05:01.040491-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551374,
"ParentPID": 6684890,
"Thread": 46137369,
"EventTime": "2021-09-06T15:05:00.810340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:05:01.041163-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551376,
"ParentPID": 5439688,
"Thread": 45744335,
"EventTime": "2021-09-06T15:05:02.570340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:05:02.851205-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11469048.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11469048,
"ParentPID": 10551376,
"Thread": 29360345,
"EventTime": "2021-09-06T15:05:02.700347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:05:02.851988-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11469048",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10158096,
"ParentPID": 11469048,
"Thread": 31654087,
"EventTime": "2021-09-06T15:05:02.732688-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:05:02.852660-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10158096,
"ParentPID": 11469048,
"Thread": 31654087,
"EventTime": "2021-09-06T15:05:02.732688-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:05:02.853321-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158100aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158100,
"ParentPID": 11469048,
"Thread": 31654091,
"EventTime": "2021-09-06T15:05:02.742691-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:05:02.853970-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158100aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158100,
"ParentPID": 11469048,
"Thread": 31654091,
"EventTime": "2021-09-06T15:05:02.742691-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:05:02.854613-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158100aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158100,
"ParentPID": 11469048,
"Thread": 31654091,
"EventTime": "2021-09-06T15:05:02.752695-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:05:02.855250-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11469048/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10158106,
"ParentPID": 11469048,
"Thread": 31654097,
"EventTime": "2021-09-06T15:05:02.762737-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:05:02.855887-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11469048",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10158108,
"ParentPID": 11469048,
"Thread": 31654099,
"EventTime": "2021-09-06T15:05:02.762737-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:05:02.856522-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11469050,
"ParentPID": 10551376,
"Thread": 29360347,
"EventTime": "2021-09-06T15:05:02.762737-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:05:02.857160-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11469050,
"ParentPID": 10551376,
"Thread": 29360347,
"EventTime": "2021-09-06T15:05:02.762737-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:05:02.857793-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551378,
"ParentPID": 5439688,
"Thread": 46137383,
"EventTime": "2021-09-06T15:08:03.824340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:04.061996-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551380,
"ParentPID": 5439688,
"Thread": 46137385,
"EventTime": "2021-09-06T15:08:04.484340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:04.674448-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11469052.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11469052,
"ParentPID": 10551380,
"Thread": 29360349,
"EventTime": "2021-09-06T15:08:04.614340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:04.675212-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11469052",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10158124,
"ParentPID": 11469052,
"Thread": 31654115,
"EventTime": "2021-09-06T15:08:04.645691-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:04.675947-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10158124,
"ParentPID": 11469052,
"Thread": 31654115,
"EventTime": "2021-09-06T15:08:04.654340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:04.676604-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158128aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158128,
"ParentPID": 11469052,
"Thread": 31654119,
"EventTime": "2021-09-06T15:08:04.674340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:04.984218-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158128aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158128,
"ParentPID": 11469052,
"Thread": 31654119,
"EventTime": "2021-09-06T15:08:04.674340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:04.985053-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158128aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158128,
"ParentPID": 11469052,
"Thread": 31654119,
"EventTime": "2021-09-06T15:08:04.674340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:04.985786-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10813490",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9830436,
"ParentPID": 10813490,
"Thread": 30998729,
"EventTime": "2021-09-06T15:08:04.674340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:04.986288-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11469052/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10158136,
"ParentPID": 11469052,
"Thread": 31654127,
"EventTime": "2021-09-06T15:08:04.694340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:04.986942-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11469052",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10158138,
"ParentPID": 11469052,
"Thread": 31654129,
"EventTime": "2021-09-06T15:08:04.695998-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:04.987585-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11469054,
"ParentPID": 10551380,
"Thread": 29360351,
"EventTime": "2021-09-06T15:08:04.695998-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:04.988226-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11469054,
"ParentPID": 10551380,
"Thread": 29360351,
"EventTime": "2021-09-06T15:08:04.695998-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:04.988869-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551382,
"ParentPID": 5439688,
"Thread": 46137387,
"EventTime": "2021-09-06T15:08:05.084340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:05.294923-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468800.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468800,
"ParentPID": 10551382,
"Thread": 29360353,
"EventTime": "2021-09-06T15:08:05.214340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:05.295714-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468800",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10158154,
"ParentPID": 11468800,
"Thread": 31653889,
"EventTime": "2021-09-06T15:08:05.248993-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:05.296399-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10158154,
"ParentPID": 11468800,
"Thread": 31653889,
"EventTime": "2021-09-06T15:08:05.254342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:05.297059-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158158aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158158,
"ParentPID": 11468800,
"Thread": 31653893,
"EventTime": "2021-09-06T15:08:05.264399-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:05.297738-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158158aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158158,
"ParentPID": 11468800,
"Thread": 31653893,
"EventTime": "2021-09-06T15:08:05.264399-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:05.298383-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158158aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158158,
"ParentPID": 11468800,
"Thread": 31653893,
"EventTime": "2021-09-06T15:08:05.264399-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:05.299021-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468800/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10158160,
"ParentPID": 11468800,
"Thread": 31653895,
"EventTime": "2021-09-06T15:08:05.274751-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:05.299659-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468800",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10158162,
"ParentPID": 11468800,
"Thread": 31653897,
"EventTime": "2021-09-06T15:08:05.284341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:05.300293-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468802,
"ParentPID": 10551382,
"Thread": 29360355,
"EventTime": "2021-09-06T15:08:05.284341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:05.300931-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468802,
"ParentPID": 10551382,
"Thread": 29360355,
"EventTime": "2021-09-06T15:08:05.284341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:05.301561-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551384,
"ParentPID": 5439688,
"Thread": 46137389,
"EventTime": "2021-09-06T15:08:06.136165-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:06.207185-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468804.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468804,
"ParentPID": 10551384,
"Thread": 29360357,
"EventTime": "2021-09-06T15:08:06.267158-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:06.515187-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468804",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10158178,
"ParentPID": 11468804,
"Thread": 31653913,
"EventTime": "2021-09-06T15:08:06.304340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:06.515979-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10158178,
"ParentPID": 11468804,
"Thread": 31653913,
"EventTime": "2021-09-06T15:08:06.306503-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:06.516654-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158182aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158182,
"ParentPID": 11468804,
"Thread": 31653917,
"EventTime": "2021-09-06T15:08:06.316509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:06.517310-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158182aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158182,
"ParentPID": 11468804,
"Thread": 31653917,
"EventTime": "2021-09-06T15:08:06.316509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:06.517958-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158182aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158182,
"ParentPID": 11468804,
"Thread": 31653917,
"EventTime": "2021-09-06T15:08:06.324340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:06.518596-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468804/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10158188,
"ParentPID": 11468804,
"Thread": 31653923,
"EventTime": "2021-09-06T15:08:06.334340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:06.519234-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468804",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10158190,
"ParentPID": 11468804,
"Thread": 31653925,
"EventTime": "2021-09-06T15:08:06.336516-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:06.519870-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468806,
"ParentPID": 10551384,
"Thread": 29360359,
"EventTime": "2021-09-06T15:08:06.336516-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:06.520508-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468806,
"ParentPID": 10551384,
"Thread": 29360359,
"EventTime": "2021-09-06T15:08:06.336516-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:06.521142-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551386,
"ParentPID": 5439688,
"Thread": 44826655,
"EventTime": "2021-09-06T15:08:16.968983-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:17.055532-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551388,
"ParentPID": 5439688,
"Thread": 44826657,
"EventTime": "2021-09-06T15:08:18.354340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:18.560814-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551390,
"ParentPID": 5439688,
"Thread": 44826659,
"EventTime": "2021-09-06T15:08:19.734340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:19.767316-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551392,
"ParentPID": 5439688,
"Thread": 44826661,
"EventTime": "2021-09-06T15:08:21.117466-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:21.280094-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468808.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468808,
"ParentPID": 10551392,
"Thread": 40304757,
"EventTime": "2021-09-06T15:08:21.249478-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:21.280830-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468808",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10158206,
"ParentPID": 11468808,
"Thread": 46596181,
"EventTime": "2021-09-06T15:08:21.284369-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:21.585175-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10158206,
"ParentPID": 11468808,
"Thread": 46596181,
"EventTime": "2021-09-06T15:08:21.287246-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:21.585958-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158210aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158210,
"ParentPID": 11468808,
"Thread": 46596185,
"EventTime": "2021-09-06T15:08:21.297250-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:21.586651-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158210aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158210,
"ParentPID": 11468808,
"Thread": 46596185,
"EventTime": "2021-09-06T15:08:21.297250-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:21.587303-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158210aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158210,
"ParentPID": 11468808,
"Thread": 46596185,
"EventTime": "2021-09-06T15:08:21.304340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:21.587947-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468808/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10158212,
"ParentPID": 11468808,
"Thread": 46596187,
"EventTime": "2021-09-06T15:08:21.314340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:21.588596-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468808",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10158214,
"ParentPID": 11468808,
"Thread": 46596189,
"EventTime": "2021-09-06T15:08:21.317302-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:21.589234-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468810,
"ParentPID": 10551392,
"Thread": 40304759,
"EventTime": "2021-09-06T15:08:21.319420-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:21.589872-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468810,
"ParentPID": 10551392,
"Thread": 40304759,
"EventTime": "2021-09-06T15:08:21.319420-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:21.590509-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551394,
"ParentPID": 5439688,
"Thread": 44826663,
"EventTime": "2021-09-06T15:08:22.579879-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:22.801252-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468812.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468812,
"ParentPID": 10551394,
"Thread": 40304761,
"EventTime": "2021-09-06T15:08:22.710237-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:22.801989-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468812",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10158230,
"ParentPID": 11468812,
"Thread": 46596205,
"EventTime": "2021-09-06T15:08:22.740247-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:22.802664-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10158230,
"ParentPID": 11468812,
"Thread": 46596205,
"EventTime": "2021-09-06T15:08:22.743341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:22.803321-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158234aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158234,
"ParentPID": 11468812,
"Thread": 46596209,
"EventTime": "2021-09-06T15:08:22.753340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:22.804013-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158234aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158234,
"ParentPID": 11468812,
"Thread": 46596209,
"EventTime": "2021-09-06T15:08:22.753340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:22.804726-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158234aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158234,
"ParentPID": 11468812,
"Thread": 46596209,
"EventTime": "2021-09-06T15:08:22.760413-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:22.805367-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468812/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10158236,
"ParentPID": 11468812,
"Thread": 46596211,
"EventTime": "2021-09-06T15:08:22.770261-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:22.806008-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468812",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10158238,
"ParentPID": 11468812,
"Thread": 46596213,
"EventTime": "2021-09-06T15:08:22.773503-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:22.806648-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468814,
"ParentPID": 10551394,
"Thread": 40304763,
"EventTime": "2021-09-06T15:08:22.773503-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:22.807283-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468814,
"ParentPID": 10551394,
"Thread": 40304763,
"EventTime": "2021-09-06T15:08:22.773503-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:22.807922-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551396,
"ParentPID": 5439688,
"Thread": 44826665,
"EventTime": "2021-09-06T15:08:24.043340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:08:24.315574-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551398,
"ParentPID": 6684890,
"Thread": 34013379,
"EventTime": "2021-09-06T15:10:00.812283-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:10:01.054111-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551398,
"ParentPID": 6684890,
"Thread": 34013379,
"EventTime": "2021-09-06T15:10:00.812283-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:10:01.054862-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 14:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551398,
"ParentPID": 6684890,
"Thread": 34013379,
"EventTime": "2021-09-06T15:10:00.812283-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:10:01.055555-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551398,
"ParentPID": 6684890,
"Thread": 34013379,
"EventTime": "2021-09-06T15:10:00.820340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:10:01.056221-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551400,
"ParentPID": 6684890,
"Thread": 29360365,
"EventTime": "2021-09-06T15:15:00.828781-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:15:00.929676-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551400,
"ParentPID": 6684890,
"Thread": 29360365,
"EventTime": "2021-09-06T15:15:00.828781-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:15:00.930498-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 14:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551400,
"ParentPID": 6684890,
"Thread": 29360365,
"EventTime": "2021-09-06T15:15:00.830352-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:15:00.931210-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551400,
"ParentPID": 6684890,
"Thread": 29360365,
"EventTime": "2021-09-06T15:15:00.830352-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:15:00.931918-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10551402",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11468816,
"ParentPID": 10551402,
"Thread": 41091225,
"EventTime": "2021-09-06T15:15:00.850356-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:15:00.932400-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00101582602ACMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10158260,
"ParentPID": 11468826,
"Thread": 46596235,
"EventTime": "2021-09-06T15:18:34.803342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:18:34.877559-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468834,
"ParentPID": 10551404,
"Thread": 40304781,
"EventTime": "2021-09-06T15:18:34.821680-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:18:34.878298-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468834,
"ParentPID": 10551404,
"Thread": 40304781,
"EventTime": "2021-09-06T15:18:34.823340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:18:34.878981-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00101582843yCMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10158284,
"ParentPID": 11468836,
"Thread": 46596259,
"EventTime": "2021-09-06T15:18:34.923340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:18:35.183352-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551406,
"ParentPID": 6684890,
"Thread": 29360383,
"EventTime": "2021-09-06T15:20:00.849338-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:20:01.120580-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551406,
"ParentPID": 6684890,
"Thread": 29360383,
"EventTime": "2021-09-06T15:20:00.849338-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:20:01.121392-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 14:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551406,
"ParentPID": 6684890,
"Thread": 29360383,
"EventTime": "2021-09-06T15:20:00.849338-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:20:01.122099-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551406,
"ParentPID": 6684890,
"Thread": 29360383,
"EventTime": "2021-09-06T15:20:00.850340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:20:01.122766-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551408,
"ParentPID": 6684890,
"Thread": 34013395,
"EventTime": "2021-09-06T15:25:00.853502-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:25:01.051248-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551408,
"ParentPID": 6684890,
"Thread": 34013395,
"EventTime": "2021-09-06T15:25:00.853502-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:25:01.052048-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 14:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551408,
"ParentPID": 6684890,
"Thread": 34013395,
"EventTime": "2021-09-06T15:25:00.860341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:25:01.052759-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551408,
"ParentPID": 6684890,
"Thread": 34013395,
"EventTime": "2021-09-06T15:25:00.861363-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:25:01.053426-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551410,
"ParentPID": 6684890,
"Thread": 44368085,
"EventTime": "2021-09-06T15:30:00.861061-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:30:00.899109-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551410,
"ParentPID": 6684890,
"Thread": 44368085,
"EventTime": "2021-09-06T15:30:00.861061-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:30:00.899956-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 14:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551410,
"ParentPID": 6684890,
"Thread": 44368085,
"EventTime": "2021-09-06T15:30:00.869340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:30:00.900731-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551410,
"ParentPID": 6684890,
"Thread": 44368085,
"EventTime": "2021-09-06T15:30:00.869340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:30:00.901429-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-06T15:33:13.333340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:33:13.486936-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010158306wuCMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10158306,
"ParentPID": 11468846,
"Thread": 45547531,
"EventTime": "2021-09-06T15:33:35.051586-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:33:35.153682-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468854,
"ParentPID": 10551414,
"Thread": 37355585,
"EventTime": "2021-09-06T15:33:35.062860-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:33:35.154481-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468854,
"ParentPID": 10551414,
"Thread": 37355585,
"EventTime": "2021-09-06T15:33:35.072862-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:33:35.155234-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010158330xeCMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10158330,
"ParentPID": 11468856,
"Thread": 45547555,
"EventTime": "2021-09-06T15:33:35.162894-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:33:35.456161-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551416,
"ParentPID": 5439688,
"Thread": 46137403,
"EventTime": "2021-09-06T15:34:30.786345-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:34:31.046028-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468858.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468858,
"ParentPID": 10551416,
"Thread": 34013413,
"EventTime": "2021-09-06T15:34:30.914913-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:34:31.046780-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468858",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10158090,
"ParentPID": 11468858,
"Thread": 44368111,
"EventTime": "2021-09-06T15:34:30.948081-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:34:31.047480-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10158090,
"ParentPID": 11468858,
"Thread": 44368111,
"EventTime": "2021-09-06T15:34:30.954927-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:34:31.048189-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158094aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158094,
"ParentPID": 11468858,
"Thread": 44368115,
"EventTime": "2021-09-06T15:34:30.964931-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:34:31.048837-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158094aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158094,
"ParentPID": 11468858,
"Thread": 44368115,
"EventTime": "2021-09-06T15:34:30.964931-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:34:31.049480-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10158094aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10158094,
"ParentPID": 11468858,
"Thread": 44368115,
"EventTime": "2021-09-06T15:34:30.967051-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:34:31.050120-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468858/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10158100,
"ParentPID": 11468858,
"Thread": 44368121,
"EventTime": "2021-09-06T15:34:30.974934-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:34:31.050880-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468858",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10158102,
"ParentPID": 11468858,
"Thread": 44368123,
"EventTime": "2021-09-06T15:34:30.980340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:34:31.051583-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468860,
"ParentPID": 10551416,
"Thread": 34013415,
"EventTime": "2021-09-06T15:34:30.984938-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:34:31.052228-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468860,
"ParentPID": 10551416,
"Thread": 34013415,
"EventTime": "2021-09-06T15:34:30.984938-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:34:31.052869-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551418,
"ParentPID": 6684890,
"Thread": 46137405,
"EventTime": "2021-09-06T15:35:00.877098-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:35:01.110204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551418,
"ParentPID": 6684890,
"Thread": 46137405,
"EventTime": "2021-09-06T15:35:00.877098-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:35:01.111022-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 14:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551418,
"ParentPID": 6684890,
"Thread": 46137405,
"EventTime": "2021-09-06T15:35:00.877098-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:35:01.111739-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551418,
"ParentPID": 6684890,
"Thread": 46137405,
"EventTime": "2021-09-06T15:35:00.879340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:35:01.112414-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551420,
"ParentPID": 5439688,
"Thread": 40829051,
"EventTime": "2021-09-06T15:38:41.086146-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:38:41.387840-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551422,
"ParentPID": 6684890,
"Thread": 41025699,
"EventTime": "2021-09-06T15:40:00.885550-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:40:01.010250-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551422,
"ParentPID": 6684890,
"Thread": 41025699,
"EventTime": "2021-09-06T15:40:00.885550-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:40:01.011072-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 14:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551422,
"ParentPID": 6684890,
"Thread": 41025699,
"EventTime": "2021-09-06T15:40:00.885550-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:40:01.011780-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551422,
"ParentPID": 6684890,
"Thread": 41025699,
"EventTime": "2021-09-06T15:40:00.889340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:40:01.012456-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551424,
"ParentPID": 6684890,
"Thread": 41025711,
"EventTime": "2021-09-06T15:45:00.894742-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:45:00.909465-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551424,
"ParentPID": 6684890,
"Thread": 41025711,
"EventTime": "2021-09-06T15:45:00.894742-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:45:00.910242-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 14:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551424,
"ParentPID": 6684890,
"Thread": 41025711,
"EventTime": "2021-09-06T15:45:00.899340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:45:00.911011-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551424,
"ParentPID": 6684890,
"Thread": 41025711,
"EventTime": "2021-09-06T15:45:00.899340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:45:00.911694-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010158124reCMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10158124,
"ParentPID": 11468870,
"Thread": 43843789,
"EventTime": "2021-09-06T15:48:35.292340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:48:35.420976-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468878,
"ParentPID": 10551426,
"Thread": 45678649,
"EventTime": "2021-09-06T15:48:35.307074-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:48:35.421725-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468878,
"ParentPID": 10551426,
"Thread": 45678649,
"EventTime": "2021-09-06T15:48:35.312340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:48:35.422435-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010158148rMCMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10158148,
"ParentPID": 11468880,
"Thread": 43843813,
"EventTime": "2021-09-06T15:48:35.407114-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:48:35.423101-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551428,
"ParentPID": 6684890,
"Thread": 31653945,
"EventTime": "2021-09-06T15:50:00.906855-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:50:01.057781-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551428,
"ParentPID": 6684890,
"Thread": 31653945,
"EventTime": "2021-09-06T15:50:00.906855-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:50:01.058586-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 14:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551428,
"ParentPID": 6684890,
"Thread": 31653945,
"EventTime": "2021-09-06T15:50:00.909340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:50:01.059292-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551428,
"ParentPID": 6684890,
"Thread": 31653945,
"EventTime": "2021-09-06T15:50:00.909340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:50:01.060011-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551430,
"ParentPID": 6684890,
"Thread": 46137427,
"EventTime": "2021-09-06T15:55:00.910044-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:55:01.004860-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551430,
"ParentPID": 6684890,
"Thread": 46137427,
"EventTime": "2021-09-06T15:55:00.910044-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:55:01.005619-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 14:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551430,
"ParentPID": 6684890,
"Thread": 46137427,
"EventTime": "2021-09-06T15:55:00.919342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:55:01.006322-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551430,
"ParentPID": 6684890,
"Thread": 46137427,
"EventTime": "2021-09-06T15:55:00.920047-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:55:01.006991-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.08192112",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9044110,
"ParentPID": 8192112,
"Thread": 34013425,
"EventTime": "2021-09-06T15:55:00.930049-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T15:55:01.007476-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551432,
"ParentPID": 6684890,
"Thread": 31653959,
"EventTime": "2021-09-06T16:00:00.939340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:00:00.951307-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551432,
"ParentPID": 6684890,
"Thread": 31653959,
"EventTime": "2021-09-06T16:00:00.939340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:00:00.952072-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/lib/ras/dumpcheck >/dev/null 2>&1 time = Mon Aug 16 15:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551432,
"ParentPID": 6684890,
"Thread": 31653959,
"EventTime": "2021-09-06T16:00:00.939340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:00:00.952788-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551432,
"ParentPID": 6684890,
"Thread": 31653959,
"EventTime": "2021-09-06T16:00:00.946825-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:00:00.953464-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192114,
"ParentPID": 6684890,
"Thread": 29622387,
"EventTime": "2021-09-06T16:00:00.957015-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:00:01.258342-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192114,
"ParentPID": 6684890,
"Thread": 29622387,
"EventTime": "2021-09-06T16:00:00.957015-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:00:01.259081-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 15:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192114,
"ParentPID": 6684890,
"Thread": 29622387,
"EventTime": "2021-09-06T16:00:00.957015-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:00:01.259826-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192114,
"ParentPID": 6684890,
"Thread": 29622387,
"EventTime": "2021-09-06T16:00:00.957015-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:00:01.260545-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10551432.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10551432,
"ParentPID": 6684890,
"Thread": 31653959,
"EventTime": "2021-09-06T16:00:00.989341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:00:01.261204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/dump_ch10551432",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 8192156,
"ParentPID": 10551432,
"Thread": 29622429,
"EventTime": "2021-09-06T16:00:01.119340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:00:01.261862-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192160,
"ParentPID": 5439688,
"Thread": 47382589,
"EventTime": "2021-09-06T16:01:32.266340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:01:32.305594-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192162,
"ParentPID": 5439688,
"Thread": 47382591,
"EventTime": "2021-09-06T16:01:32.535883-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:01:32.606900-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192164,
"ParentPID": 5439688,
"Thread": 47382593,
"EventTime": "2021-09-06T16:01:37.855340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:01:38.032507-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192166,
"ParentPID": 5439688,
"Thread": 30736417,
"EventTime": "2021-09-06T16:01:38.924099-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:01:38.941078-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192168,
"ParentPID": 5439688,
"Thread": 30736419,
"EventTime": "2021-09-06T16:01:40.225340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:01:40.449313-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192170,
"ParentPID": 5439688,
"Thread": 30736421,
"EventTime": "2021-09-06T16:01:44.349428-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:01:44.370321-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192172,
"ParentPID": 5439688,
"Thread": 30736423,
"EventTime": "2021-09-06T16:01:49.375340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:01:49.494453-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192174,
"ParentPID": 5439688,
"Thread": 30736425,
"EventTime": "2021-09-06T16:01:49.635340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:01:49.796210-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192176,
"ParentPID": 5439688,
"Thread": 30736427,
"EventTime": "2021-09-06T16:01:49.905340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:01:50.105983-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192178,
"ParentPID": 5439688,
"Thread": 30736429,
"EventTime": "2021-09-06T16:01:50.175340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:01:50.407298-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044170lM97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044170,
"ParentPID": 10551444,
"Thread": 33947711,
"EventTime": "2021-09-06T16:03:35.531340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:03:35.602246-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551452,
"ParentPID": 8192182,
"Thread": 41877663,
"EventTime": "2021-09-06T16:03:35.551343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:03:35.603094-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551452,
"ParentPID": 8192182,
"Thread": 41877663,
"EventTime": "2021-09-06T16:03:35.556639-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:03:35.603831-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551474m3Eqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551474,
"ParentPID": 5636130,
"Thread": 41877685,
"EventTime": "2021-09-06T16:03:35.641343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:03:35.904731-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192184,
"ParentPID": 6684890,
"Thread": 44171479,
"EventTime": "2021-09-06T16:05:00.119648-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:05:00.381335-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192184,
"ParentPID": 6684890,
"Thread": 44171479,
"EventTime": "2021-09-06T16:05:00.119648-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:05:00.382092-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 15:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192184,
"ParentPID": 6684890,
"Thread": 44171479,
"EventTime": "2021-09-06T16:05:00.119648-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:05:00.382800-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192184,
"ParentPID": 6684890,
"Thread": 44171479,
"EventTime": "2021-09-06T16:05:00.119648-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:05:00.383478-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192186,
"ParentPID": 5439688,
"Thread": 46923803,
"EventTime": "2021-09-06T16:08:01.928491-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:02.224241-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192188,
"ParentPID": 5439688,
"Thread": 44171493,
"EventTime": "2021-09-06T16:08:02.539887-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:02.834068-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh6029326.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 6029326,
"ParentPID": 8192188,
"Thread": 31457395,
"EventTime": "2021-09-06T16:08:02.670084-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:02.834856-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.6029326",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 8913118,
"ParentPID": 6029326,
"Thread": 42139829,
"EventTime": "2021-09-06T16:08:02.702360-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:02.835540-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 8913118,
"ParentPID": 6029326,
"Thread": 42139829,
"EventTime": "2021-09-06T16:08:02.704532-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:02.836215-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8913122aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8913122,
"ParentPID": 6029326,
"Thread": 42139833,
"EventTime": "2021-09-06T16:08:02.714535-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:02.836866-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8913122aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8913122,
"ParentPID": 6029326,
"Thread": 42139833,
"EventTime": "2021-09-06T16:08:02.722340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:02.837525-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8913122aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8913122,
"ParentPID": 6029326,
"Thread": 42139833,
"EventTime": "2021-09-06T16:08:02.722340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:02.838172-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.6029326/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 8913124,
"ParentPID": 6029326,
"Thread": 42139835,
"EventTime": "2021-09-06T16:08:02.732889-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:02.838818-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.6029326",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 8913126,
"ParentPID": 6029326,
"Thread": 42139837,
"EventTime": "2021-09-06T16:08:02.734542-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:02.839463-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 6029328,
"ParentPID": 8192188,
"Thread": 31457397,
"EventTime": "2021-09-06T16:08:02.734542-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:02.840107-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 6029328,
"ParentPID": 8192188,
"Thread": 31457397,
"EventTime": "2021-09-06T16:08:02.734542-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:02.840758-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192190,
"ParentPID": 5439688,
"Thread": 44171495,
"EventTime": "2021-09-06T16:08:03.125576-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:03.141957-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh6029330.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 6029330,
"ParentPID": 8192190,
"Thread": 31457399,
"EventTime": "2021-09-06T16:08:03.255897-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:03.443149-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.6029330",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 8913142,
"ParentPID": 6029330,
"Thread": 42139853,
"EventTime": "2021-09-06T16:08:03.285907-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:03.443892-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 8913142,
"ParentPID": 6029330,
"Thread": 42139853,
"EventTime": "2021-09-06T16:08:03.295947-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:03.444551-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8913146aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8913146,
"ParentPID": 6029330,
"Thread": 42139857,
"EventTime": "2021-09-06T16:08:03.305951-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:03.445204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8913146aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8913146,
"ParentPID": 6029330,
"Thread": 42139857,
"EventTime": "2021-09-06T16:08:03.305951-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:03.445868-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8913146aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8913146,
"ParentPID": 6029330,
"Thread": 42139857,
"EventTime": "2021-09-06T16:08:03.305951-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:03.446522-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.6029330/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 8912896,
"ParentPID": 6029330,
"Thread": 42139863,
"EventTime": "2021-09-06T16:08:03.315954-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:03.447168-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.6029330",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 8912898,
"ParentPID": 6029330,
"Thread": 42139865,
"EventTime": "2021-09-06T16:08:03.322340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:03.447818-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 6029332,
"ParentPID": 8192190,
"Thread": 31457401,
"EventTime": "2021-09-06T16:08:03.325958-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:03.448482-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 6029332,
"ParentPID": 8192190,
"Thread": 31457401,
"EventTime": "2021-09-06T16:08:03.325958-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:03.449144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192192,
"ParentPID": 5439688,
"Thread": 44171497,
"EventTime": "2021-09-06T16:08:04.643932-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:04.660587-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh6029334.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 6029334,
"ParentPID": 8192192,
"Thread": 31457403,
"EventTime": "2021-09-06T16:08:04.773149-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:04.963205-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.6029334",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 8912914,
"ParentPID": 6029334,
"Thread": 42139881,
"EventTime": "2021-09-06T16:08:04.802340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:04.964014-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 8912914,
"ParentPID": 6029334,
"Thread": 42139881,
"EventTime": "2021-09-06T16:08:04.812341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:04.964738-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8912918aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8912918,
"ParentPID": 6029334,
"Thread": 42139885,
"EventTime": "2021-09-06T16:08:04.822340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:04.965407-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8912918aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8912918,
"ParentPID": 6029334,
"Thread": 42139885,
"EventTime": "2021-09-06T16:08:04.822340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:04.966054-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8912918aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8912918,
"ParentPID": 6029334,
"Thread": 42139885,
"EventTime": "2021-09-06T16:08:04.822340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:04.966704-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.05636168",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10551484,
"ParentPID": 5636168,
"Thread": 37093615,
"EventTime": "2021-09-06T16:08:04.844990-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:04.967191-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.6029334/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 8912924,
"ParentPID": 6029334,
"Thread": 42139891,
"EventTime": "2021-09-06T16:08:04.850024-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:04.967838-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.6029334",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 5636170,
"ParentPID": 6029334,
"Thread": 42926283,
"EventTime": "2021-09-06T16:08:04.852340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:04.968484-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 6029336,
"ParentPID": 8192192,
"Thread": 31457405,
"EventTime": "2021-09-06T16:08:04.852340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:04.969124-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 6029336,
"ParentPID": 8192192,
"Thread": 31457405,
"EventTime": "2021-09-06T16:08:04.852340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:04.969761-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192194,
"ParentPID": 5439688,
"Thread": 40042543,
"EventTime": "2021-09-06T16:08:18.768620-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:18.784010-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192196,
"ParentPID": 5439688,
"Thread": 40042545,
"EventTime": "2021-09-06T16:08:20.142364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:20.293230-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192198,
"ParentPID": 5439688,
"Thread": 40042547,
"EventTime": "2021-09-06T16:08:21.532340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:21.797762-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192200,
"ParentPID": 5439688,
"Thread": 40042549,
"EventTime": "2021-09-06T16:08:22.915429-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:23.011135-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh6029338.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 6029338,
"ParentPID": 8192200,
"Thread": 41812115,
"EventTime": "2021-09-06T16:08:23.042340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:23.313188-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.6029338",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 5636186,
"ParentPID": 6029338,
"Thread": 42336431,
"EventTime": "2021-09-06T16:08:23.073258-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:23.313962-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 5636186,
"ParentPID": 6029338,
"Thread": 42336431,
"EventTime": "2021-09-06T16:08:23.082341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:23.314628-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636190aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636190,
"ParentPID": 6029338,
"Thread": 42336435,
"EventTime": "2021-09-06T16:08:23.092340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:23.315285-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636190aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636190,
"ParentPID": 6029338,
"Thread": 42336435,
"EventTime": "2021-09-06T16:08:23.092340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:23.315935-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636190aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636190,
"ParentPID": 6029338,
"Thread": 42336435,
"EventTime": "2021-09-06T16:08:23.092340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:23.316577-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.6029338/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 5636196,
"ParentPID": 6029338,
"Thread": 42336441,
"EventTime": "2021-09-06T16:08:23.102340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:23.317218-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.6029338",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 5636198,
"ParentPID": 6029338,
"Thread": 42336443,
"EventTime": "2021-09-06T16:08:23.110369-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:23.317858-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 6029340,
"ParentPID": 8192200,
"Thread": 41812117,
"EventTime": "2021-09-06T16:08:23.112340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:23.318506-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 6029340,
"ParentPID": 8192200,
"Thread": 41812117,
"EventTime": "2021-09-06T16:08:23.112340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:23.319145-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192202,
"ParentPID": 5439688,
"Thread": 40042551,
"EventTime": "2021-09-06T16:08:24.373768-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:24.525543-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh6029342.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 6029342,
"ParentPID": 8192202,
"Thread": 41812119,
"EventTime": "2021-09-06T16:08:24.504102-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:24.526271-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.6029342",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 5636214,
"ParentPID": 6029342,
"Thread": 42336459,
"EventTime": "2021-09-06T16:08:24.534111-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:24.827819-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 5636214,
"ParentPID": 6029342,
"Thread": 42336459,
"EventTime": "2021-09-06T16:08:24.544114-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:24.828600-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636218aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636218,
"ParentPID": 6029342,
"Thread": 42336463,
"EventTime": "2021-09-06T16:08:24.554117-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:24.829277-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636218aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636218,
"ParentPID": 6029342,
"Thread": 42336463,
"EventTime": "2021-09-06T16:08:24.554117-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:24.829935-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636218aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636218,
"ParentPID": 6029342,
"Thread": 42336463,
"EventTime": "2021-09-06T16:08:24.554117-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:24.830583-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.6029342/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 5636220,
"ParentPID": 6029342,
"Thread": 42336465,
"EventTime": "2021-09-06T16:08:24.564123-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:24.831229-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.6029342",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 5636222,
"ParentPID": 6029342,
"Thread": 42336467,
"EventTime": "2021-09-06T16:08:24.572341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:24.831874-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 6029344,
"ParentPID": 8192202,
"Thread": 41812121,
"EventTime": "2021-09-06T16:08:24.576368-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:24.832548-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 6029344,
"ParentPID": 8192202,
"Thread": 41812121,
"EventTime": "2021-09-06T16:08:24.576368-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:24.833250-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192204,
"ParentPID": 5439688,
"Thread": 40042553,
"EventTime": "2021-09-06T16:08:25.836475-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:08:26.047932-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192206,
"ParentPID": 6684890,
"Thread": 44171501,
"EventTime": "2021-09-06T16:10:00.130395-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:10:00.381633-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192206,
"ParentPID": 6684890,
"Thread": 44171501,
"EventTime": "2021-09-06T16:10:00.130395-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:10:00.382441-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 15:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192206,
"ParentPID": 6684890,
"Thread": 44171501,
"EventTime": "2021-09-06T16:10:00.130395-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:10:00.383161-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192206,
"ParentPID": 6684890,
"Thread": 44171501,
"EventTime": "2021-09-06T16:10:00.130395-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:10:00.383838-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192208,
"ParentPID": 6684890,
"Thread": 39321751,
"EventTime": "2021-09-06T16:15:00.140095-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:15:00.271360-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192208,
"ParentPID": 6684890,
"Thread": 39321751,
"EventTime": "2021-09-06T16:15:00.140095-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:15:00.272170-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 15:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192208,
"ParentPID": 6684890,
"Thread": 39321751,
"EventTime": "2021-09-06T16:15:00.140095-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:15:00.272886-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192208,
"ParentPID": 6684890,
"Thread": 39321751,
"EventTime": "2021-09-06T16:15:00.140095-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:15:00.273561-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636244gyv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636244,
"ParentPID": 6029354,
"Thread": 42336489,
"EventTime": "2021-09-06T16:18:35.761736-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:18:35.984331-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 6029362,
"ParentPID": 8192210,
"Thread": 41812139,
"EventTime": "2021-09-06T16:18:35.783394-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:18:35.985138-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 6029362,
"ParentPID": 8192210,
"Thread": 41812139,
"EventTime": "2021-09-06T16:18:35.791744-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:18:35.985844-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636268hiv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636268,
"ParentPID": 6029364,
"Thread": 42336257,
"EventTime": "2021-09-06T16:18:35.886039-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:18:35.986511-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 6029366,
"ParentPID": 6684890,
"Thread": 31457413,
"EventTime": "2021-09-06T16:20:00.144704-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:20:00.437207-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 6029366,
"ParentPID": 6684890,
"Thread": 31457413,
"EventTime": "2021-09-06T16:20:00.144704-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:20:00.437963-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 15:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 6029366,
"ParentPID": 6684890,
"Thread": 31457413,
"EventTime": "2021-09-06T16:20:00.154708-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:20:00.438691-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 6029366,
"ParentPID": 6684890,
"Thread": 31457413,
"EventTime": "2021-09-06T16:20:00.154708-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:20:00.439372-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 6029368,
"ParentPID": 6684890,
"Thread": 28246195,
"EventTime": "2021-09-06T16:25:00.158341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:25:00.370158-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 6029368,
"ParentPID": 6684890,
"Thread": 28246195,
"EventTime": "2021-09-06T16:25:00.158341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:25:00.370976-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 15:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 6029368,
"ParentPID": 6684890,
"Thread": 28246195,
"EventTime": "2021-09-06T16:25:00.158341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:25:00.371692-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 6029368,
"ParentPID": 6684890,
"Thread": 28246195,
"EventTime": "2021-09-06T16:25:00.165514-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:25:00.372375-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 6029370,
"ParentPID": 6684890,
"Thread": 45875373,
"EventTime": "2021-09-06T16:30:00.166761-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:30:00.237350-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 6029370,
"ParentPID": 6684890,
"Thread": 45875373,
"EventTime": "2021-09-06T16:30:00.166761-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:30:00.238120-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 15:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 6029370,
"ParentPID": 6684890,
"Thread": 45875373,
"EventTime": "2021-09-06T16:30:00.174386-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:30:00.238865-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 6029370,
"ParentPID": 6684890,
"Thread": 45875373,
"EventTime": "2021-09-06T16:30:00.174386-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:30:00.239602-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 6029372,
"ParentPID": 5439688,
"Thread": 33358015,
"EventTime": "2021-09-06T16:31:41.827853-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:41.858783-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192212.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192212,
"ParentPID": 6029372,
"Thread": 39321771,
"EventTime": "2021-09-06T16:31:41.978235-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:42.164475-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192212",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 5636284,
"ParentPID": 8192212,
"Thread": 43057291,
"EventTime": "2021-09-06T16:31:42.012951-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:42.165288-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 5636284,
"ParentPID": 8192212,
"Thread": 43057291,
"EventTime": "2021-09-06T16:31:42.018250-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:42.165999-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636288aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636288,
"ParentPID": 8192212,
"Thread": 43057295,
"EventTime": "2021-09-06T16:31:42.038257-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:42.166670-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10551508",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8912972,
"ParentPID": 10551508,
"Thread": 44105885,
"EventTime": "2021-09-06T16:31:42.048264-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:42.167161-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636288aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636288,
"ParentPID": 8192212,
"Thread": 43057295,
"EventTime": "2021-09-06T16:31:42.048264-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:42.167816-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636288aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636288,
"ParentPID": 8192212,
"Thread": 43057295,
"EventTime": "2021-09-06T16:31:42.048264-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:42.168462-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192212/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 5636290,
"ParentPID": 8192212,
"Thread": 43057297,
"EventTime": "2021-09-06T16:31:42.058267-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:42.169111-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192212",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 5636292,
"ParentPID": 8192212,
"Thread": 43057299,
"EventTime": "2021-09-06T16:31:42.060717-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:42.169754-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192214,
"ParentPID": 6029372,
"Thread": 39321773,
"EventTime": "2021-09-06T16:31:42.064519-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:42.170390-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192214,
"ParentPID": 6029372,
"Thread": 39321773,
"EventTime": "2021-09-06T16:31:42.064519-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:42.171025-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 6029374,
"ParentPID": 5439688,
"Thread": 33358017,
"EventTime": "2021-09-06T16:31:43.107008-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:43.375244-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192216.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192216,
"ParentPID": 6029374,
"Thread": 39321775,
"EventTime": "2021-09-06T16:31:43.244341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:43.376048-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192216",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 5636308,
"ParentPID": 8192216,
"Thread": 43057315,
"EventTime": "2021-09-06T16:31:43.281426-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:43.376759-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 5636308,
"ParentPID": 8192216,
"Thread": 43057315,
"EventTime": "2021-09-06T16:31:43.284340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:43.377429-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636312aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636312,
"ParentPID": 8192216,
"Thread": 43057319,
"EventTime": "2021-09-06T16:31:43.294341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:43.378083-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636312aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636312,
"ParentPID": 8192216,
"Thread": 43057319,
"EventTime": "2021-09-06T16:31:43.294341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:43.378735-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636312aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636312,
"ParentPID": 8192216,
"Thread": 43057319,
"EventTime": "2021-09-06T16:31:43.301432-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:43.379379-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192216/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 5636314,
"ParentPID": 8192216,
"Thread": 43057321,
"EventTime": "2021-09-06T16:31:43.311435-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:43.380021-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192216",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 5636316,
"ParentPID": 8192216,
"Thread": 43057323,
"EventTime": "2021-09-06T16:31:43.315558-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:43.380659-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192218,
"ParentPID": 6029374,
"Thread": 39321777,
"EventTime": "2021-09-06T16:31:43.315558-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:43.381294-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192218,
"ParentPID": 6029374,
"Thread": 39321777,
"EventTime": "2021-09-06T16:31:43.315558-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:31:43.381966-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-06T16:33:13.211340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:33:13.260686-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636338biv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636338,
"ParentPID": 8192228,
"Thread": 46923863,
"EventTime": "2021-09-06T16:33:36.011821-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:33:36.115353-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192236,
"ParentPID": 6029378,
"Thread": 45220065,
"EventTime": "2021-09-06T16:33:36.021835-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:33:36.116109-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192236,
"ParentPID": 6029378,
"Thread": 45220065,
"EventTime": "2021-09-06T16:33:36.031838-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:33:36.116816-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636106bQv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636106,
"ParentPID": 8192238,
"Thread": 46923887,
"EventTime": "2021-09-06T16:33:36.121873-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:33:36.417685-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192240,
"ParentPID": 6684890,
"Thread": 42926323,
"EventTime": "2021-09-06T16:35:00.173408-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:35:00.224493-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192240,
"ParentPID": 6684890,
"Thread": 42926323,
"EventTime": "2021-09-06T16:35:00.173408-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:35:00.225261-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 15:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192240,
"ParentPID": 6684890,
"Thread": 42926323,
"EventTime": "2021-09-06T16:35:00.183412-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:35:00.225991-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192240,
"ParentPID": 6684890,
"Thread": 42926323,
"EventTime": "2021-09-06T16:35:00.183412-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:35:00.226676-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192242,
"ParentPID": 5439688,
"Thread": 33358027,
"EventTime": "2021-09-06T16:36:00.120530-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:36:00.352057-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192244,
"ParentPID": 6684890,
"Thread": 45875387,
"EventTime": "2021-09-06T16:40:00.188815-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:40:00.439984-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192244,
"ParentPID": 6684890,
"Thread": 45875387,
"EventTime": "2021-09-06T16:40:00.188815-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:40:00.440787-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 15:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192244,
"ParentPID": 6684890,
"Thread": 45875387,
"EventTime": "2021-09-06T16:40:00.193541-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:40:00.441510-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192244,
"ParentPID": 6684890,
"Thread": 45875387,
"EventTime": "2021-09-06T16:40:00.193541-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:40:00.442191-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192246,
"ParentPID": 6684890,
"Thread": 44105893,
"EventTime": "2021-09-06T16:45:00.194155-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:45:00.355507-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192246,
"ParentPID": 6684890,
"Thread": 44105893,
"EventTime": "2021-09-06T16:45:00.194155-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:45:00.356407-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 15:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192246,
"ParentPID": 6684890,
"Thread": 44105893,
"EventTime": "2021-09-06T16:45:00.203250-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:45:00.357144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192246,
"ParentPID": 6684890,
"Thread": 44105893,
"EventTime": "2021-09-06T16:45:00.204158-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:45:00.357863-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008913002XQ9aaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8913002,
"ParentPID": 5636116,
"Thread": 43057347,
"EventTime": "2021-09-06T16:48:36.250342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:48:36.467587-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636124,
"ParentPID": 8192248,
"Thread": 39256227,
"EventTime": "2021-09-06T16:48:36.270341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:48:36.468405-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636124,
"ParentPID": 8192248,
"Thread": 39256227,
"EventTime": "2021-09-06T16:48:36.277940-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:48:36.469120-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008913026Y79aaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8913026,
"ParentPID": 5636126,
"Thread": 43057371,
"EventTime": "2021-09-06T16:48:36.366435-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:48:36.469793-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192250,
"ParentPID": 6684890,
"Thread": 41812173,
"EventTime": "2021-09-06T16:50:00.209451-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:50:00.307068-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192250,
"ParentPID": 6684890,
"Thread": 41812173,
"EventTime": "2021-09-06T16:50:00.209451-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:50:00.307901-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 15:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192250,
"ParentPID": 6684890,
"Thread": 41812173,
"EventTime": "2021-09-06T16:50:00.209451-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:50:00.308684-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192250,
"ParentPID": 6684890,
"Thread": 41812173,
"EventTime": "2021-09-06T16:50:00.209451-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:50:00.309369-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192252,
"ParentPID": 6684890,
"Thread": 31653977,
"EventTime": "2021-09-06T16:55:00.220412-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:55:00.485728-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192252,
"ParentPID": 6684890,
"Thread": 31653977,
"EventTime": "2021-09-06T16:55:00.220412-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:55:00.486481-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 15:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192252,
"ParentPID": 6684890,
"Thread": 31653977,
"EventTime": "2021-09-06T16:55:00.220412-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:55:00.487211-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192252,
"ParentPID": 6684890,
"Thread": 31653977,
"EventTime": "2021-09-06T16:55:00.220412-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T16:55:00.487909-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192254,
"ParentPID": 6684890,
"Thread": 45875405,
"EventTime": "2021-09-06T17:00:00.227342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:00:00.338240-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192254,
"ParentPID": 6684890,
"Thread": 45875405,
"EventTime": "2021-09-06T17:00:00.227342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:00:00.339047-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 16:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192254,
"ParentPID": 6684890,
"Thread": 45875405,
"EventTime": "2021-09-06T17:00:00.227342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:00:00.339771-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192254,
"ParentPID": 6684890,
"Thread": 45875405,
"EventTime": "2021-09-06T17:00:00.234136-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:00:00.340457-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913030,
"ParentPID": 5439688,
"Thread": 22937801,
"EventTime": "2021-09-06T17:01:33.340989-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:01:33.502408-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913032,
"ParentPID": 5439688,
"Thread": 22937803,
"EventTime": "2021-09-06T17:01:33.611778-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:01:33.804171-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913034,
"ParentPID": 5439688,
"Thread": 22937805,
"EventTime": "2021-09-06T17:01:38.896695-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:01:38.921148-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913036,
"ParentPID": 5439688,
"Thread": 22937807,
"EventTime": "2021-09-06T17:01:40.023340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:01:40.130966-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913038,
"ParentPID": 5439688,
"Thread": 22937809,
"EventTime": "2021-09-06T17:01:40.323558-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:01:40.434226-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913040,
"ParentPID": 5439688,
"Thread": 22937811,
"EventTime": "2021-09-06T17:01:45.384574-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:01:45.555889-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.08192002",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11468900,
"ParentPID": 8192002,
"Thread": 44105915,
"EventTime": "2021-09-06T17:01:45.403375-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:01:45.556511-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913042,
"ParentPID": 5439688,
"Thread": 22937813,
"EventTime": "2021-09-06T17:01:50.513340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:01:50.679940-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913044,
"ParentPID": 5439688,
"Thread": 22937815,
"EventTime": "2021-09-06T17:01:50.779277-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:01:50.984177-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913046,
"ParentPID": 5439688,
"Thread": 22937817,
"EventTime": "2021-09-06T17:01:51.039948-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:01:51.294203-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913048,
"ParentPID": 5439688,
"Thread": 22937819,
"EventTime": "2021-09-06T17:01:51.303340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:01:51.602324-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468922S7HMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468922,
"ParentPID": 8192012,
"Thread": 44237055,
"EventTime": "2021-09-06T17:03:36.489340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:03:36.500734-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192020,
"ParentPID": 8913052,
"Thread": 33226909,
"EventTime": "2021-09-06T17:03:36.509340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:03:36.810276-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192020,
"ParentPID": 8913052,
"Thread": 33226909,
"EventTime": "2021-09-06T17:03:36.509340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:03:36.811092-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468946TqHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468946,
"ParentPID": 8192022,
"Thread": 44236823,
"EventTime": "2021-09-06T17:03:36.609839-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:03:36.811825-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913054,
"ParentPID": 6684890,
"Thread": 44105919,
"EventTime": "2021-09-06T17:05:00.239555-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:05:00.336148-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913054,
"ParentPID": 6684890,
"Thread": 44105919,
"EventTime": "2021-09-06T17:05:00.239555-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:05:00.336916-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 16:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913054,
"ParentPID": 6684890,
"Thread": 44105919,
"EventTime": "2021-09-06T17:05:00.239555-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:05:00.337727-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913054,
"ParentPID": 6684890,
"Thread": 44105919,
"EventTime": "2021-09-06T17:05:00.239555-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:05:00.338418-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913056,
"ParentPID": 5439688,
"Thread": 22937829,
"EventTime": "2021-09-06T17:05:08.445398-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:05:08.450363-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192024.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192024,
"ParentPID": 8913056,
"Thread": 30081163,
"EventTime": "2021-09-06T17:05:08.572659-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:05:08.752845-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192024",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11468962,
"ParentPID": 8192024,
"Thread": 45875431,
"EventTime": "2021-09-06T17:05:08.609861-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:05:08.753652-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11468962,
"ParentPID": 8192024,
"Thread": 45875431,
"EventTime": "2021-09-06T17:05:08.616340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:05:08.754386-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468966aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468966,
"ParentPID": 8192024,
"Thread": 45875435,
"EventTime": "2021-09-06T17:05:08.626342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:05:08.755064-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468966aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468966,
"ParentPID": 8192024,
"Thread": 45875435,
"EventTime": "2021-09-06T17:05:08.626342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:05:08.755717-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468966aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468966,
"ParentPID": 8192024,
"Thread": 45875435,
"EventTime": "2021-09-06T17:05:08.626342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:05:08.756400-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192024/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11468972,
"ParentPID": 8192024,
"Thread": 45875441,
"EventTime": "2021-09-06T17:05:08.636341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:05:08.757067-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192024",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11468974,
"ParentPID": 8192024,
"Thread": 45875443,
"EventTime": "2021-09-06T17:05:08.642680-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:05:08.757771-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192026,
"ParentPID": 8913056,
"Thread": 30081165,
"EventTime": "2021-09-06T17:05:08.646341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:05:08.758417-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192026,
"ParentPID": 8913056,
"Thread": 30081165,
"EventTime": "2021-09-06T17:05:08.646341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:05:08.759059-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913058,
"ParentPID": 5439688,
"Thread": 43057389,
"EventTime": "2021-09-06T17:07:38.677575-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:38.728573-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913060,
"ParentPID": 5439688,
"Thread": 43057391,
"EventTime": "2021-09-06T17:07:39.161340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.330568-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192028.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192028,
"ParentPID": 8913060,
"Thread": 30081167,
"EventTime": "2021-09-06T17:07:39.291341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.331322-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192028",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11468990,
"ParentPID": 8192028,
"Thread": 45875203,
"EventTime": "2021-09-06T17:07:39.331340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.632941-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11468990,
"ParentPID": 8192028,
"Thread": 45875203,
"EventTime": "2021-09-06T17:07:39.331340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.633736-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468994aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468994,
"ParentPID": 8192028,
"Thread": 45875207,
"EventTime": "2021-09-06T17:07:39.341341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.634466-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468994aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468994,
"ParentPID": 8192028,
"Thread": 45875207,
"EventTime": "2021-09-06T17:07:39.341341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.635144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468994aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468994,
"ParentPID": 8192028,
"Thread": 45875207,
"EventTime": "2021-09-06T17:07:39.351340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.635798-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192028/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11469000,
"ParentPID": 8192028,
"Thread": 45875213,
"EventTime": "2021-09-06T17:07:39.361340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.636446-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192028",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11469002,
"ParentPID": 8192028,
"Thread": 45875215,
"EventTime": "2021-09-06T17:07:39.363558-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.637096-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192030,
"ParentPID": 8913060,
"Thread": 30081169,
"EventTime": "2021-09-06T17:07:39.367332-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.637738-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192030,
"ParentPID": 8913060,
"Thread": 30081169,
"EventTime": "2021-09-06T17:07:39.367332-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.638380-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913062,
"ParentPID": 5439688,
"Thread": 43057393,
"EventTime": "2021-09-06T17:07:39.751340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.942444-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192032.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192032,
"ParentPID": 8913062,
"Thread": 30081171,
"EventTime": "2021-09-06T17:07:39.882291-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.943189-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192032",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11469018,
"ParentPID": 8192032,
"Thread": 45875231,
"EventTime": "2021-09-06T17:07:39.911341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.943933-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11469018,
"ParentPID": 8192032,
"Thread": 45875231,
"EventTime": "2021-09-06T17:07:39.921340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.944619-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469022aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469022,
"ParentPID": 8192032,
"Thread": 45875235,
"EventTime": "2021-09-06T17:07:39.931340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.945275-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469022aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469022,
"ParentPID": 8192032,
"Thread": 45875235,
"EventTime": "2021-09-06T17:07:39.931340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.945929-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469022aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469022,
"ParentPID": 8192032,
"Thread": 45875235,
"EventTime": "2021-09-06T17:07:39.936277-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:39.946575-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192032/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11469028,
"ParentPID": 8192032,
"Thread": 45875241,
"EventTime": "2021-09-06T17:07:39.951340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:40.252294-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192032",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11469030,
"ParentPID": 8192032,
"Thread": 45875243,
"EventTime": "2021-09-06T17:07:39.951340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:40.253202-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192034,
"ParentPID": 8913062,
"Thread": 30081173,
"EventTime": "2021-09-06T17:07:39.951340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:40.253952-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192034,
"ParentPID": 8913062,
"Thread": 30081173,
"EventTime": "2021-09-06T17:07:39.951340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:40.254645-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913064,
"ParentPID": 5439688,
"Thread": 43057395,
"EventTime": "2021-09-06T17:07:41.163970-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:41.465439-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192036.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192036,
"ParentPID": 8913064,
"Thread": 30081175,
"EventTime": "2021-09-06T17:07:41.294303-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:41.466246-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192036",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11469046,
"ParentPID": 8192036,
"Thread": 45875259,
"EventTime": "2021-09-06T17:07:41.324313-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:41.466995-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11469046,
"ParentPID": 8192036,
"Thread": 45875259,
"EventTime": "2021-09-06T17:07:41.334316-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:41.467685-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469050aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469050,
"ParentPID": 8192036,
"Thread": 45875263,
"EventTime": "2021-09-06T17:07:41.344319-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:41.468345-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469050aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469050,
"ParentPID": 8192036,
"Thread": 45875263,
"EventTime": "2021-09-06T17:07:41.344319-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:41.469002-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469050aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469050,
"ParentPID": 8192036,
"Thread": 45875263,
"EventTime": "2021-09-06T17:07:41.344319-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:41.469653-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192036/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11468800,
"ParentPID": 8192036,
"Thread": 45875269,
"EventTime": "2021-09-06T17:07:41.354322-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:41.470299-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192036",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11468802,
"ParentPID": 8192036,
"Thread": 45875271,
"EventTime": "2021-09-06T17:07:41.361340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:41.470943-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192038,
"ParentPID": 8913064,
"Thread": 30081177,
"EventTime": "2021-09-06T17:07:41.364326-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:41.471624-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192038,
"ParentPID": 8913064,
"Thread": 30081177,
"EventTime": "2021-09-06T17:07:41.364326-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:41.472277-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913066,
"ParentPID": 5439688,
"Thread": 43057397,
"EventTime": "2021-09-06T17:07:53.041340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:53.202227-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913068,
"ParentPID": 5439688,
"Thread": 43057399,
"EventTime": "2021-09-06T17:07:54.422375-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:54.704292-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913070,
"ParentPID": 5439688,
"Thread": 43057401,
"EventTime": "2021-09-06T17:07:55.804185-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:55.914879-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913072,
"ParentPID": 5439688,
"Thread": 43057403,
"EventTime": "2021-09-06T17:07:57.186421-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:57.427712-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192040.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192040,
"ParentPID": 8913072,
"Thread": 30081179,
"EventTime": "2021-09-06T17:07:57.316758-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:57.428516-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.05636190",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11468806,
"ParentPID": 5636190,
"Thread": 45875275,
"EventTime": "2021-09-06T17:07:57.336765-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:57.429069-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192040",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 5636198,
"ParentPID": 8192040,
"Thread": 34078737,
"EventTime": "2021-09-06T17:07:57.360340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:57.429754-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 5636198,
"ParentPID": 8192040,
"Thread": 34078737,
"EventTime": "2021-09-06T17:07:57.370383-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:57.430446-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636202aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636202,
"ParentPID": 8192040,
"Thread": 34078741,
"EventTime": "2021-09-06T17:07:57.376779-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:57.431127-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636202aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636202,
"ParentPID": 8192040,
"Thread": 34078741,
"EventTime": "2021-09-06T17:07:57.376779-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:57.431829-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636202aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636202,
"ParentPID": 8192040,
"Thread": 34078741,
"EventTime": "2021-09-06T17:07:57.380340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:57.432472-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192040/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 5636204,
"ParentPID": 8192040,
"Thread": 34078743,
"EventTime": "2021-09-06T17:07:57.390343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:57.433115-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192040",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 5636206,
"ParentPID": 8192040,
"Thread": 34078745,
"EventTime": "2021-09-06T17:07:57.393451-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:57.433757-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192042,
"ParentPID": 8913072,
"Thread": 30081181,
"EventTime": "2021-09-06T17:07:57.396785-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:57.434394-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192042,
"ParentPID": 8913072,
"Thread": 30081181,
"EventTime": "2021-09-06T17:07:57.396785-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:57.435037-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913074,
"ParentPID": 5439688,
"Thread": 43057405,
"EventTime": "2021-09-06T17:07:58.660340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:58.941227-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192044.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192044,
"ParentPID": 8913074,
"Thread": 30081183,
"EventTime": "2021-09-06T17:07:58.790662-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:58.942043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192044",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 5636222,
"ParentPID": 8192044,
"Thread": 34078761,
"EventTime": "2021-09-06T17:07:58.820669-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:58.942796-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 5636222,
"ParentPID": 8192044,
"Thread": 34078761,
"EventTime": "2021-09-06T17:07:58.820669-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:58.943480-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636226aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636226,
"ParentPID": 8192044,
"Thread": 34078765,
"EventTime": "2021-09-06T17:07:58.830672-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:58.944141-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636226aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636226,
"ParentPID": 8192044,
"Thread": 34078765,
"EventTime": "2021-09-06T17:07:58.830672-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:58.944797-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636226aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636226,
"ParentPID": 8192044,
"Thread": 34078765,
"EventTime": "2021-09-06T17:07:58.840675-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:58.945445-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192044/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 5636228,
"ParentPID": 8192044,
"Thread": 34078767,
"EventTime": "2021-09-06T17:07:58.850679-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:58.946085-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192044",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 5636230,
"ParentPID": 8192044,
"Thread": 34078769,
"EventTime": "2021-09-06T17:07:58.850679-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:58.946728-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192046,
"ParentPID": 8913074,
"Thread": 30081185,
"EventTime": "2021-09-06T17:07:58.850679-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:58.947368-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192046,
"ParentPID": 8913074,
"Thread": 30081185,
"EventTime": "2021-09-06T17:07:58.850679-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:07:58.948012-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913076,
"ParentPID": 5439688,
"Thread": 43057407,
"EventTime": "2021-09-06T17:08:00.120340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:08:00.152017-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913078,
"ParentPID": 6684890,
"Thread": 42336321,
"EventTime": "2021-09-06T17:10:00.246340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:10:00.346234-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913078,
"ParentPID": 6684890,
"Thread": 42336321,
"EventTime": "2021-09-06T17:10:00.246340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:10:00.347082-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 16:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913078,
"ParentPID": 6684890,
"Thread": 42336321,
"EventTime": "2021-09-06T17:10:00.246340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:10:00.347905-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913078,
"ParentPID": 6684890,
"Thread": 42336321,
"EventTime": "2021-09-06T17:10:00.246340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:10:00.348605-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913080,
"ParentPID": 6684890,
"Thread": 30081193,
"EventTime": "2021-09-06T17:15:00.259909-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:15:00.517660-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913080,
"ParentPID": 6684890,
"Thread": 30081193,
"EventTime": "2021-09-06T17:15:00.259909-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:15:00.518481-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 16:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913080,
"ParentPID": 6684890,
"Thread": 30081193,
"EventTime": "2021-09-06T17:15:00.259909-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:15:00.519248-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913080,
"ParentPID": 6684890,
"Thread": 30081193,
"EventTime": "2021-09-06T17:15:00.263066-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:15:00.519945-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636252Nqv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636252,
"ParentPID": 8192056,
"Thread": 22937605,
"EventTime": "2021-09-06T17:18:36.739340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:18:36.885659-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192064,
"ParentPID": 8913082,
"Thread": 29622463,
"EventTime": "2021-09-06T17:18:36.757279-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:18:36.886478-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192064,
"ParentPID": 8913082,
"Thread": 29622463,
"EventTime": "2021-09-06T17:18:36.759340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:18:36.887222-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636276NYv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636276,
"ParentPID": 8192066,
"Thread": 22937629,
"EventTime": "2021-09-06T17:18:36.849341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:18:36.887911-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913084,
"ParentPID": 6684890,
"Thread": 33358077,
"EventTime": "2021-09-06T17:20:00.266342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:20:00.428663-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913084,
"ParentPID": 6684890,
"Thread": 33358077,
"EventTime": "2021-09-06T17:20:00.266342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:20:00.429430-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 16:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913084,
"ParentPID": 6684890,
"Thread": 33358077,
"EventTime": "2021-09-06T17:20:00.266342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:20:00.430184-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913084,
"ParentPID": 6684890,
"Thread": 33358077,
"EventTime": "2021-09-06T17:20:00.266342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:20:00.430877-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913086,
"ParentPID": 6684890,
"Thread": 45875295,
"EventTime": "2021-09-06T17:25:00.276996-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:25:00.315647-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913086,
"ParentPID": 6684890,
"Thread": 45875295,
"EventTime": "2021-09-06T17:25:00.276996-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:25:00.316469-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 16:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913086,
"ParentPID": 6684890,
"Thread": 45875295,
"EventTime": "2021-09-06T17:25:00.276996-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:25:00.317248-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913086,
"ParentPID": 6684890,
"Thread": 45875295,
"EventTime": "2021-09-06T17:25:00.276996-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:25:00.318017-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913088,
"ParentPID": 6684890,
"Thread": 43188235,
"EventTime": "2021-09-06T17:30:00.286340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:30:00.486510-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913088,
"ParentPID": 6684890,
"Thread": 43188235,
"EventTime": "2021-09-06T17:30:00.286340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:30:00.487301-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 16:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913088,
"ParentPID": 6684890,
"Thread": 43188235,
"EventTime": "2021-09-06T17:30:00.286340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:30:00.488117-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913088,
"ParentPID": 6684890,
"Thread": 43188235,
"EventTime": "2021-09-06T17:30:00.292679-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:30:00.488829-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-06T17:33:13.086191-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:33:13.103086-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961630HUCaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961630,
"ParentPID": 11337954,
"Thread": 23658685,
"EventTime": "2021-09-06T17:33:36.972651-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:33:37.168623-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11337962,
"ParentPID": 8913092,
"Thread": 44695735,
"EventTime": "2021-09-06T17:33:36.992657-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:33:37.169450-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11337962,
"ParentPID": 8913092,
"Thread": 44695735,
"EventTime": "2021-09-06T17:33:36.998340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:33:37.170194-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961654IECaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961654,
"ParentPID": 11337964,
"Thread": 23658709,
"EventTime": "2021-09-06T17:33:37.092695-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:33:37.170886-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913094,
"ParentPID": 5439688,
"Thread": 44236853,
"EventTime": "2021-09-06T17:34:12.720128-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:34:12.933167-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11337966.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11337966,
"ParentPID": 8913094,
"Thread": 44695739,
"EventTime": "2021-09-06T17:34:12.854905-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:34:12.933925-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11337966",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961670,
"ParentPID": 11337966,
"Thread": 23658725,
"EventTime": "2021-09-06T17:34:12.880495-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:34:12.934660-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961670,
"ParentPID": 11337966,
"Thread": 23658725,
"EventTime": "2021-09-06T17:34:12.890498-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:34:12.935351-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961674aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961674,
"ParentPID": 11337966,
"Thread": 23658729,
"EventTime": "2021-09-06T17:34:12.900502-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:34:12.936018-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961674aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961674,
"ParentPID": 11337966,
"Thread": 23658729,
"EventTime": "2021-09-06T17:34:12.900502-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:34:12.936670-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961674aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961674,
"ParentPID": 11337966,
"Thread": 23658729,
"EventTime": "2021-09-06T17:34:12.905868-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:34:12.937313-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11337966/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961676,
"ParentPID": 11337966,
"Thread": 23658731,
"EventTime": "2021-09-06T17:34:12.910507-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:34:12.938781-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11337966",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961678,
"ParentPID": 11337966,
"Thread": 23658733,
"EventTime": "2021-09-06T17:34:12.920510-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:34:12.939471-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09961680",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 5636300,
"ParentPID": 9961680,
"Thread": 34406559,
"EventTime": "2021-09-06T17:34:12.938934-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:34:13.242032-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 5636302,
"ParentPID": 8913094,
"Thread": 34406561,
"EventTime": "2021-09-06T17:34:12.941415-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:34:13.242845-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636302,
"ParentPID": 8913094,
"Thread": 34406561,
"EventTime": "2021-09-06T17:34:12.941415-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:34:13.243587-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913096,
"ParentPID": 6684890,
"Thread": 40566969,
"EventTime": "2021-09-06T17:35:00.296659-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:35:00.401927-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913096,
"ParentPID": 6684890,
"Thread": 40566969,
"EventTime": "2021-09-06T17:35:00.296659-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:35:00.402711-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 16:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913096,
"ParentPID": 6684890,
"Thread": 40566969,
"EventTime": "2021-09-06T17:35:00.300787-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:35:00.403470-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913096,
"ParentPID": 6684890,
"Thread": 40566969,
"EventTime": "2021-09-06T17:35:00.300787-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:35:00.404181-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913098,
"ParentPID": 5439688,
"Thread": 44826703,
"EventTime": "2021-09-06T17:37:57.609340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:37:57.667183-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913100,
"ParentPID": 6684890,
"Thread": 42926109,
"EventTime": "2021-09-06T17:40:00.305341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:40:00.568915-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913100,
"ParentPID": 6684890,
"Thread": 42926109,
"EventTime": "2021-09-06T17:40:00.305341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:40:00.569695-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 16:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913100,
"ParentPID": 6684890,
"Thread": 42926109,
"EventTime": "2021-09-06T17:40:00.311136-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:40:00.570457-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913100,
"ParentPID": 6684890,
"Thread": 42926109,
"EventTime": "2021-09-06T17:40:00.311136-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:40:00.571156-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913102,
"ParentPID": 6684890,
"Thread": 37355609,
"EventTime": "2021-09-06T17:45:00.320110-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:45:00.498330-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913102,
"ParentPID": 6684890,
"Thread": 37355609,
"EventTime": "2021-09-06T17:45:00.320110-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:45:00.499161-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 16:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913102,
"ParentPID": 6684890,
"Thread": 37355609,
"EventTime": "2021-09-06T17:45:00.320110-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:45:00.499926-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913102,
"ParentPID": 6684890,
"Thread": 37355609,
"EventTime": "2021-09-06T17:45:00.320110-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:45:00.500629-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961702CECaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961702,
"ParentPID": 5636312,
"Thread": 45547597,
"EventTime": "2021-09-06T17:48:37.218340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:48:37.509230-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636320,
"ParentPID": 8913104,
"Thread": 43712537,
"EventTime": "2021-09-06T17:48:37.238340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:48:37.510059-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636320,
"ParentPID": 8913104,
"Thread": 43712537,
"EventTime": "2021-09-06T17:48:37.245538-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:48:37.510808-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636342Dqv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636342,
"ParentPID": 10551548,
"Thread": 43712559,
"EventTime": "2021-09-06T17:48:37.325571-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:48:37.511505-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913106,
"ParentPID": 6684890,
"Thread": 45744377,
"EventTime": "2021-09-06T17:50:00.325817-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:50:00.487098-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913106,
"ParentPID": 6684890,
"Thread": 45744377,
"EventTime": "2021-09-06T17:50:00.325817-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:50:00.487935-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 16:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913106,
"ParentPID": 6684890,
"Thread": 45744377,
"EventTime": "2021-09-06T17:50:00.325817-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:50:00.488695-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913106,
"ParentPID": 6684890,
"Thread": 45744377,
"EventTime": "2021-09-06T17:50:00.325817-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:50:00.489400-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913108,
"ParentPID": 6684890,
"Thread": 45744133,
"EventTime": "2021-09-06T17:55:00.339881-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:55:00.386398-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913108,
"ParentPID": 6684890,
"Thread": 45744133,
"EventTime": "2021-09-06T17:55:00.339881-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:55:00.387220-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 16:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913108,
"ParentPID": 6684890,
"Thread": 45744133,
"EventTime": "2021-09-06T17:55:00.339881-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:55:00.387993-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913108,
"ParentPID": 6684890,
"Thread": 45744133,
"EventTime": "2021-09-06T17:55:00.339881-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T17:55:00.388705-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913110,
"ParentPID": 6684890,
"Thread": 30933207,
"EventTime": "2021-09-06T18:00:00.350433-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:00:00.610298-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913110,
"ParentPID": 6684890,
"Thread": 30933207,
"EventTime": "2021-09-06T18:00:00.350433-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:00:00.611084-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 17:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913110,
"ParentPID": 6684890,
"Thread": 30933207,
"EventTime": "2021-09-06T18:00:00.350433-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:00:00.611857-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913110,
"ParentPID": 6684890,
"Thread": 30933207,
"EventTime": "2021-09-06T18:00:00.350433-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:00:00.612581-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289310,
"ParentPID": 5439688,
"Thread": 47448157,
"EventTime": "2021-09-06T18:01:22.167939-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:01:22.365453-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289312,
"ParentPID": 5439688,
"Thread": 47448159,
"EventTime": "2021-09-06T18:01:22.438691-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:01:22.668668-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289314,
"ParentPID": 5439688,
"Thread": 47448161,
"EventTime": "2021-09-06T18:01:27.766029-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:01:27.784517-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289316,
"ParentPID": 5439688,
"Thread": 47448163,
"EventTime": "2021-09-06T18:01:27.903910-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:01:28.093113-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289318,
"ParentPID": 5439688,
"Thread": 47448165,
"EventTime": "2021-09-06T18:01:28.953194-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:01:28.997729-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289320,
"ParentPID": 5439688,
"Thread": 47448167,
"EventTime": "2021-09-06T18:01:29.242340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:01:29.303152-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289322,
"ParentPID": 5439688,
"Thread": 47448169,
"EventTime": "2021-09-06T18:01:34.261340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:01:34.426738-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289324,
"ParentPID": 5439688,
"Thread": 47448171,
"EventTime": "2021-09-06T18:01:39.491340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:01:39.547386-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289326,
"ParentPID": 5439688,
"Thread": 47448173,
"EventTime": "2021-09-06T18:01:39.751340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:01:39.852155-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289328,
"ParentPID": 5439688,
"Thread": 47448175,
"EventTime": "2021-09-06T18:01:40.011340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:01:40.159004-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00081921048q6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192104,
"ParentPID": 8913122,
"Thread": 44236877,
"EventTime": "2021-09-06T18:03:37.447340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:03:37.634669-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8913130,
"ParentPID": 10289332,
"Thread": 34406581,
"EventTime": "2021-09-06T18:03:37.467340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:03:37.635498-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8913130,
"ParentPID": 10289332,
"Thread": 34406581,
"EventTime": "2021-09-06T18:03:37.473612-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:03:37.636248-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00081921289a6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192128,
"ParentPID": 8913132,
"Thread": 44236901,
"EventTime": "2021-09-06T18:03:37.567340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:03:37.636969-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913134,
"ParentPID": 6684890,
"Thread": 33947729,
"EventTime": "2021-09-06T18:05:00.354340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:05:00.553960-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8913134,
"ParentPID": 6684890,
"Thread": 33947729,
"EventTime": "2021-09-06T18:05:00.354340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:05:00.554877-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 17:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8913134,
"ParentPID": 6684890,
"Thread": 33947729,
"EventTime": "2021-09-06T18:05:00.354340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:05:00.555685-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8913134,
"ParentPID": 6684890,
"Thread": 33947729,
"EventTime": "2021-09-06T18:05:00.354340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:05:00.556420-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913136,
"ParentPID": 5439688,
"Thread": 34406593,
"EventTime": "2021-09-06T18:07:54.889340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:54.898846-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913138,
"ParentPID": 5439688,
"Thread": 34406595,
"EventTime": "2021-09-06T18:07:55.309340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:55.506602-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10289334.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10289334,
"ParentPID": 8913138,
"Thread": 37355631,
"EventTime": "2021-09-06T18:07:55.439340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:55.507356-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10289334",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 8192144,
"ParentPID": 10289334,
"Thread": 42926145,
"EventTime": "2021-09-06T18:07:55.469340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:55.508093-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 8192144,
"ParentPID": 10289334,
"Thread": 42926145,
"EventTime": "2021-09-06T18:07:55.480001-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:55.508774-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8192148aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8192148,
"ParentPID": 10289334,
"Thread": 42926149,
"EventTime": "2021-09-06T18:07:55.487757-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:55.514140-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8192148aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8192148,
"ParentPID": 10289334,
"Thread": 42926149,
"EventTime": "2021-09-06T18:07:55.489340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:55.514846-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8192148aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8192148,
"ParentPID": 10289334,
"Thread": 42926149,
"EventTime": "2021-09-06T18:07:55.489340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:55.515499-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10289334/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 8192150,
"ParentPID": 10289334,
"Thread": 42926151,
"EventTime": "2021-09-06T18:07:55.519377-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:55.819505-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11337748",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9437286,
"ParentPID": 11337748,
"Thread": 30933219,
"EventTime": "2021-09-06T18:07:55.519377-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:55.820096-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10289334",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 8192152,
"ParentPID": 10289334,
"Thread": 42926153,
"EventTime": "2021-09-06T18:07:55.519377-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:55.820890-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11337750,
"ParentPID": 8913138,
"Thread": 36438205,
"EventTime": "2021-09-06T18:07:55.519377-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:55.821595-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11337750,
"ParentPID": 8913138,
"Thread": 36438205,
"EventTime": "2021-09-06T18:07:55.519377-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:55.822279-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913140,
"ParentPID": 5439688,
"Thread": 34406597,
"EventTime": "2021-09-06T18:07:55.889340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:56.130180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11337752.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11337752,
"ParentPID": 8913140,
"Thread": 36438207,
"EventTime": "2021-09-06T18:07:56.019340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:56.131008-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11337752",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10289350,
"ParentPID": 11337752,
"Thread": 37355647,
"EventTime": "2021-09-06T18:07:56.059753-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:56.131744-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10289350,
"ParentPID": 11337752,
"Thread": 37355647,
"EventTime": "2021-09-06T18:07:56.059753-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:56.132428-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289354aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289354,
"ParentPID": 11337752,
"Thread": 37355651,
"EventTime": "2021-09-06T18:07:56.069340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:56.133094-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289354aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289354,
"ParentPID": 11337752,
"Thread": 37355651,
"EventTime": "2021-09-06T18:07:56.069340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:56.133742-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289354aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289354,
"ParentPID": 11337752,
"Thread": 37355651,
"EventTime": "2021-09-06T18:07:56.079340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:56.134384-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11337752/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10289360,
"ParentPID": 11337752,
"Thread": 37355657,
"EventTime": "2021-09-06T18:07:56.089340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:56.135023-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11337752",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10289362,
"ParentPID": 11337752,
"Thread": 37355659,
"EventTime": "2021-09-06T18:07:56.089340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:56.135663-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11337754,
"ParentPID": 8913140,
"Thread": 36438209,
"EventTime": "2021-09-06T18:07:56.089340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:56.136306-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11337754,
"ParentPID": 8913140,
"Thread": 36438209,
"EventTime": "2021-09-06T18:07:56.089340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:56.136949-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913142,
"ParentPID": 5439688,
"Thread": 34406599,
"EventTime": "2021-09-06T18:07:57.341535-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:57.643083-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11337756.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11337756,
"ParentPID": 8913142,
"Thread": 36438211,
"EventTime": "2021-09-06T18:07:57.478367-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:57.643998-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11337756",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10289378,
"ParentPID": 11337756,
"Thread": 37355675,
"EventTime": "2021-09-06T18:07:57.509816-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:57.644739-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10289378,
"ParentPID": 11337756,
"Thread": 37355675,
"EventTime": "2021-09-06T18:07:57.511880-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:57.645430-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289382aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289382,
"ParentPID": 11337756,
"Thread": 37355679,
"EventTime": "2021-09-06T18:07:57.521883-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:57.646097-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289382aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289382,
"ParentPID": 11337756,
"Thread": 37355679,
"EventTime": "2021-09-06T18:07:57.521883-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:57.646747-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289382aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289382,
"ParentPID": 11337756,
"Thread": 37355679,
"EventTime": "2021-09-06T18:07:57.528340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:57.647391-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11337756/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10289388,
"ParentPID": 11337756,
"Thread": 37355685,
"EventTime": "2021-09-06T18:07:57.538340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:57.648032-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11337756",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10289390,
"ParentPID": 11337756,
"Thread": 37355687,
"EventTime": "2021-09-06T18:07:57.541890-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:57.648723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11337758,
"ParentPID": 8913142,
"Thread": 36438213,
"EventTime": "2021-09-06T18:07:57.541890-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:57.649418-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11337758,
"ParentPID": 8913142,
"Thread": 36438213,
"EventTime": "2021-09-06T18:07:57.541890-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:07:57.650066-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913144,
"ParentPID": 5439688,
"Thread": 33947743,
"EventTime": "2021-09-06T18:08:09.290161-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:09.376266-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913146,
"ParentPID": 5439688,
"Thread": 33947745,
"EventTime": "2021-09-06T18:08:10.689068-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:10.890449-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913148,
"ParentPID": 5439688,
"Thread": 33947747,
"EventTime": "2021-09-06T18:08:12.072743-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:12.103792-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8913150,
"ParentPID": 5439688,
"Thread": 33947749,
"EventTime": "2021-09-06T18:08:13.458340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:13.619208-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11337760.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11337760,
"ParentPID": 8913150,
"Thread": 36438215,
"EventTime": "2021-09-06T18:08:13.588340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:13.620024-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11337760",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10289406,
"ParentPID": 11337760,
"Thread": 37355703,
"EventTime": "2021-09-06T18:08:13.621946-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:13.923916-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10289406,
"ParentPID": 11337760,
"Thread": 37355703,
"EventTime": "2021-09-06T18:08:13.628341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:13.924727-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289154aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289154,
"ParentPID": 11337760,
"Thread": 37355707,
"EventTime": "2021-09-06T18:08:13.638394-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:13.925461-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289154aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289154,
"ParentPID": 11337760,
"Thread": 37355707,
"EventTime": "2021-09-06T18:08:13.638394-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:13.926154-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289154aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289154,
"ParentPID": 11337760,
"Thread": 37355707,
"EventTime": "2021-09-06T18:08:13.638394-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:13.926818-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11337760/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10289160,
"ParentPID": 11337760,
"Thread": 37355713,
"EventTime": "2021-09-06T18:08:13.652498-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:13.927466-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11337760",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10289162,
"ParentPID": 11337760,
"Thread": 37355715,
"EventTime": "2021-09-06T18:08:13.652498-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:13.928121-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11337762,
"ParentPID": 8913150,
"Thread": 36438217,
"EventTime": "2021-09-06T18:08:13.658340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:13.928873-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11337762,
"ParentPID": 8913150,
"Thread": 36438217,
"EventTime": "2021-09-06T18:08:13.658340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:13.929576-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912896,
"ParentPID": 5439688,
"Thread": 36044869,
"EventTime": "2021-09-06T18:08:14.920284-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:15.141596-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11337764.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11337764,
"ParentPID": 8912896,
"Thread": 44564717,
"EventTime": "2021-09-06T18:08:15.050625-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:15.142417-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11337764",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10289178,
"ParentPID": 11337764,
"Thread": 33226945,
"EventTime": "2021-09-06T18:08:15.080634-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:15.143147-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10289178,
"ParentPID": 11337764,
"Thread": 33226945,
"EventTime": "2021-09-06T18:08:15.090673-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:15.143845-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289182aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289182,
"ParentPID": 11337764,
"Thread": 33226949,
"EventTime": "2021-09-06T18:08:15.100676-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:15.144513-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289182aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289182,
"ParentPID": 11337764,
"Thread": 33226949,
"EventTime": "2021-09-06T18:08:15.100676-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:15.145160-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289182aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289182,
"ParentPID": 11337764,
"Thread": 33226949,
"EventTime": "2021-09-06T18:08:15.100676-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:15.145807-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11337764/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10289184,
"ParentPID": 11337764,
"Thread": 33226951,
"EventTime": "2021-09-06T18:08:15.110679-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:15.146451-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11337764",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10289186,
"ParentPID": 11337764,
"Thread": 33226953,
"EventTime": "2021-09-06T18:08:15.110679-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:15.147095-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11337766,
"ParentPID": 8912896,
"Thread": 44564719,
"EventTime": "2021-09-06T18:08:15.120683-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:15.147738-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11337766,
"ParentPID": 8912896,
"Thread": 44564719,
"EventTime": "2021-09-06T18:08:15.120683-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:15.148427-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912898,
"ParentPID": 5439688,
"Thread": 43843585,
"EventTime": "2021-09-06T18:08:16.381302-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:16.655754-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912900,
"ParentPID": 5439688,
"Thread": 43843587,
"EventTime": "2021-09-06T18:08:26.898340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:27.199437-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11337768.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11337768,
"ParentPID": 8912900,
"Thread": 47775959,
"EventTime": "2021-09-06T18:08:27.027345-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:27.200254-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11337768",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10289202,
"ParentPID": 11337768,
"Thread": 31785113,
"EventTime": "2021-09-06T18:08:27.057343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:27.200993-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10289202,
"ParentPID": 11337768,
"Thread": 31785113,
"EventTime": "2021-09-06T18:08:27.067371-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:27.201689-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289206aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289206,
"ParentPID": 11337768,
"Thread": 31785117,
"EventTime": "2021-09-06T18:08:27.073066-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:27.202363-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289206aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289206,
"ParentPID": 11337768,
"Thread": 31785117,
"EventTime": "2021-09-06T18:08:27.077340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:27.203017-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289206aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289206,
"ParentPID": 11337768,
"Thread": 31785117,
"EventTime": "2021-09-06T18:08:27.077340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:27.203673-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11337768/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10289208,
"ParentPID": 11337768,
"Thread": 31785119,
"EventTime": "2021-09-06T18:08:27.087340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:27.204321-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11337768",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10289210,
"ParentPID": 11337768,
"Thread": 31785121,
"EventTime": "2021-09-06T18:08:27.093073-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:27.204965-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11337770,
"ParentPID": 8912900,
"Thread": 47775961,
"EventTime": "2021-09-06T18:08:27.097340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:27.205613-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11337770,
"ParentPID": 8912900,
"Thread": 47775961,
"EventTime": "2021-09-06T18:08:27.097340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:27.206253-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.08912902",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11337772,
"ParentPID": 8912902,
"Thread": 47775963,
"EventTime": "2021-09-06T18:08:27.107341-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:27.206731-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912904,
"ParentPID": 5439688,
"Thread": 43843591,
"EventTime": "2021-09-06T18:08:27.897340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:28.108231-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11337774.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11337774,
"ParentPID": 8912904,
"Thread": 47775965,
"EventTime": "2021-09-06T18:08:28.027341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:28.109047-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11337774",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10289226,
"ParentPID": 11337774,
"Thread": 31785137,
"EventTime": "2021-09-06T18:08:28.057457-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:28.109782-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10289226,
"ParentPID": 11337774,
"Thread": 31785137,
"EventTime": "2021-09-06T18:08:28.065522-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:28.110477-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289230aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289230,
"ParentPID": 11337774,
"Thread": 31785141,
"EventTime": "2021-09-06T18:08:28.075526-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:28.111144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289230aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289230,
"ParentPID": 11337774,
"Thread": 31785141,
"EventTime": "2021-09-06T18:08:28.075526-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:28.111793-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289230aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289230,
"ParentPID": 11337774,
"Thread": 31785141,
"EventTime": "2021-09-06T18:08:28.077340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:28.112440-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11337774/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10289236,
"ParentPID": 11337774,
"Thread": 31785147,
"EventTime": "2021-09-06T18:08:28.087340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:28.113082-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11337774",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10289238,
"ParentPID": 11337774,
"Thread": 31785149,
"EventTime": "2021-09-06T18:08:28.087340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:28.113724-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11337776,
"ParentPID": 8912904,
"Thread": 47775967,
"EventTime": "2021-09-06T18:08:28.095533-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:28.114366-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11337776,
"ParentPID": 8912904,
"Thread": 47775967,
"EventTime": "2021-09-06T18:08:28.095533-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:08:28.115005-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912906,
"ParentPID": 6684890,
"Thread": 45678683,
"EventTime": "2021-09-06T18:10:00.368640-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:10:00.650268-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912906,
"ParentPID": 6684890,
"Thread": 45678683,
"EventTime": "2021-09-06T18:10:00.368640-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:10:00.651091-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 17:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8912906,
"ParentPID": 6684890,
"Thread": 45678683,
"EventTime": "2021-09-06T18:10:00.368640-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:10:00.651849-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8912906,
"ParentPID": 6684890,
"Thread": 45678683,
"EventTime": "2021-09-06T18:10:00.368640-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:10:00.652558-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912908,
"ParentPID": 6684890,
"Thread": 44564725,
"EventTime": "2021-09-06T18:15:00.379782-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:15:00.551218-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912908,
"ParentPID": 6684890,
"Thread": 44564725,
"EventTime": "2021-09-06T18:15:00.379782-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:15:00.552043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 17:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8912908,
"ParentPID": 6684890,
"Thread": 44564725,
"EventTime": "2021-09-06T18:15:00.379782-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:15:00.552799-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8912908,
"ParentPID": 6684890,
"Thread": 44564725,
"EventTime": "2021-09-06T18:15:00.379782-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:15:00.553507-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00102892602YDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289260,
"ParentPID": 11337786,
"Thread": 28704983,
"EventTime": "2021-09-06T18:18:37.688962-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:18:37.818155-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11337794,
"ParentPID": 8912910,
"Thread": 42991659,
"EventTime": "2021-09-06T18:18:37.711142-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:18:37.818989-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11337794,
"ParentPID": 8912910,
"Thread": 42991659,
"EventTime": "2021-09-06T18:18:37.718971-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:18:37.819731-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00102892843IDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289284,
"ParentPID": 11337796,
"Thread": 28705007,
"EventTime": "2021-09-06T18:18:37.809000-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:18:37.820437-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912912,
"ParentPID": 6684890,
"Thread": 42926197,
"EventTime": "2021-09-06T18:20:00.386526-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:20:00.436164-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912912,
"ParentPID": 6684890,
"Thread": 42926197,
"EventTime": "2021-09-06T18:20:00.386526-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:20:00.437006-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 17:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8912912,
"ParentPID": 6684890,
"Thread": 42926197,
"EventTime": "2021-09-06T18:20:00.386526-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:20:00.437754-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8912912,
"ParentPID": 6684890,
"Thread": 42926197,
"EventTime": "2021-09-06T18:20:00.386526-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:20:00.438464-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912914,
"ParentPID": 6684890,
"Thread": 31654043,
"EventTime": "2021-09-06T18:25:00.394341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:25:00.659028-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912914,
"ParentPID": 6684890,
"Thread": 31654043,
"EventTime": "2021-09-06T18:25:00.394341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:25:00.659802-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 17:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8912914,
"ParentPID": 6684890,
"Thread": 31654043,
"EventTime": "2021-09-06T18:25:00.400672-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:25:00.660550-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8912914,
"ParentPID": 6684890,
"Thread": 31654043,
"EventTime": "2021-09-06T18:25:00.400672-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:25:00.661262-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912916,
"ParentPID": 6684890,
"Thread": 47120427,
"EventTime": "2021-09-06T18:30:00.404828-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:30:00.605985-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912916,
"ParentPID": 6684890,
"Thread": 47120427,
"EventTime": "2021-09-06T18:30:00.404828-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:30:00.606769-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 17:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8912916,
"ParentPID": 6684890,
"Thread": 47120427,
"EventTime": "2021-09-06T18:30:00.404828-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:30:00.607531-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8912916,
"ParentPID": 6684890,
"Thread": 47120427,
"EventTime": "2021-09-06T18:30:00.412022-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:30:00.608248-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-06T18:33:12.968003-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:33:13.269061-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289306wIDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289306,
"ParentPID": 11337806,
"Thread": 31785173,
"EventTime": "2021-09-06T18:33:37.941633-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:33:38.237525-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11337814,
"ParentPID": 8912920,
"Thread": 45219885,
"EventTime": "2021-09-06T18:33:37.956340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:33:38.238354-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11337814,
"ParentPID": 8912920,
"Thread": 45219885,
"EventTime": "2021-09-06T18:33:37.961639-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:33:38.239089-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289330xyDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289330,
"ParentPID": 9961708,
"Thread": 31785197,
"EventTime": "2021-09-06T18:33:38.046342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:33:38.239790-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912922,
"ParentPID": 6684890,
"Thread": 31654061,
"EventTime": "2021-09-06T18:35:00.415297-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:35:00.560566-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912922,
"ParentPID": 6684890,
"Thread": 31654061,
"EventTime": "2021-09-06T18:35:00.415297-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:35:00.561345-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 17:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8912922,
"ParentPID": 6684890,
"Thread": 31654061,
"EventTime": "2021-09-06T18:35:00.415297-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:35:00.562089-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8912922,
"ParentPID": 6684890,
"Thread": 31654061,
"EventTime": "2021-09-06T18:35:00.422010-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:35:00.562813-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912924,
"ParentPID": 5439688,
"Thread": 43712569,
"EventTime": "2021-09-06T18:38:29.317036-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:38:29.417946-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912926,
"ParentPID": 6684890,
"Thread": 31654077,
"EventTime": "2021-09-06T18:40:00.425012-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:40:00.465920-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912926,
"ParentPID": 6684890,
"Thread": 31654077,
"EventTime": "2021-09-06T18:40:00.425012-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:40:00.466743-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 17:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8912926,
"ParentPID": 6684890,
"Thread": 31654077,
"EventTime": "2021-09-06T18:40:00.425012-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:40:00.467484-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8912926,
"ParentPID": 6684890,
"Thread": 31654077,
"EventTime": "2021-09-06T18:40:00.425012-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:40:00.468199-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912928,
"ParentPID": 6684890,
"Thread": 31654089,
"EventTime": "2021-09-06T18:45:00.431996-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:45:00.650690-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912928,
"ParentPID": 6684890,
"Thread": 31654089,
"EventTime": "2021-09-06T18:45:00.431996-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:45:00.651475-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 17:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8912928,
"ParentPID": 6684890,
"Thread": 31654089,
"EventTime": "2021-09-06T18:45:00.431996-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:45:00.652223-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8912928,
"ParentPID": 6684890,
"Thread": 31654089,
"EventTime": "2021-09-06T18:45:00.431996-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:45:00.652937-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468874ruHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468874,
"ParentPID": 5636144,
"Thread": 46727243,
"EventTime": "2021-09-06T18:48:38.166340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:48:38.248954-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636152,
"ParentPID": 8912930,
"Thread": 45744191,
"EventTime": "2021-09-06T18:48:38.186340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:48:38.249796-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636152,
"ParentPID": 8912930,
"Thread": 45744191,
"EventTime": "2021-09-06T18:48:38.196340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:48:38.250593-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.05636154",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9437328,
"ParentPID": 5636154,
"Thread": 47906887,
"EventTime": "2021-09-06T18:48:38.216340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:48:38.251156-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192020sa6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192020,
"ParentPID": 10551338,
"Thread": 47972543,
"EventTime": "2021-09-06T18:48:38.276344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:48:38.557498-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912932,
"ParentPID": 6684890,
"Thread": 31654105,
"EventTime": "2021-09-06T18:50:00.443340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:50:00.600384-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912932,
"ParentPID": 6684890,
"Thread": 31654105,
"EventTime": "2021-09-06T18:50:00.443340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:50:00.601165-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 17:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8912932,
"ParentPID": 6684890,
"Thread": 31654105,
"EventTime": "2021-09-06T18:50:00.443340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:50:00.601909-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8912932,
"ParentPID": 6684890,
"Thread": 31654105,
"EventTime": "2021-09-06T18:50:00.450169-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:50:00.602629-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912934,
"ParentPID": 6684890,
"Thread": 36765845,
"EventTime": "2021-09-06T18:55:00.455252-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:55:00.517593-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912934,
"ParentPID": 6684890,
"Thread": 36765845,
"EventTime": "2021-09-06T18:55:00.455252-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:55:00.518365-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 17:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8912934,
"ParentPID": 6684890,
"Thread": 36765845,
"EventTime": "2021-09-06T18:55:00.455252-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:55:00.519106-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8912934,
"ParentPID": 6684890,
"Thread": 36765845,
"EventTime": "2021-09-06T18:55:00.455252-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T18:55:00.519824-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912936,
"ParentPID": 6684890,
"Thread": 42926223,
"EventTime": "2021-09-06T19:00:00.464207-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:00:00.677773-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912936,
"ParentPID": 6684890,
"Thread": 42926223,
"EventTime": "2021-09-06T19:00:00.464207-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:00:00.678546-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 18:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8912936,
"ParentPID": 6684890,
"Thread": 42926223,
"EventTime": "2021-09-06T19:00:00.464207-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:00:00.679289-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8912936,
"ParentPID": 6684890,
"Thread": 42926223,
"EventTime": "2021-09-06T19:00:00.464207-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:00:00.680004-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192024,
"ParentPID": 5439688,
"Thread": 31654121,
"EventTime": "2021-09-06T19:01:42.759375-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:01:42.890431-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192026,
"ParentPID": 5439688,
"Thread": 31654123,
"EventTime": "2021-09-06T19:01:43.029994-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:01:43.193841-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192028,
"ParentPID": 5439688,
"Thread": 31654125,
"EventTime": "2021-09-06T19:01:48.319182-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:01:48.325458-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192030,
"ParentPID": 5439688,
"Thread": 31654127,
"EventTime": "2021-09-06T19:01:49.469340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:01:49.529635-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192032,
"ParentPID": 5439688,
"Thread": 31654129,
"EventTime": "2021-09-06T19:01:49.739340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:01:49.830722-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192034,
"ParentPID": 5439688,
"Thread": 31654131,
"EventTime": "2021-09-06T19:01:54.933923-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:01:54.950534-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192036,
"ParentPID": 5439688,
"Thread": 31654133,
"EventTime": "2021-09-06T19:02:00.019894-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:02:00.068990-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192038,
"ParentPID": 5439688,
"Thread": 31654135,
"EventTime": "2021-09-06T19:02:00.279340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:02:00.370158-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192040,
"ParentPID": 5439688,
"Thread": 31654137,
"EventTime": "2021-09-06T19:02:00.559450-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:02:00.676450-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192042,
"ParentPID": 5439688,
"Thread": 31654139,
"EventTime": "2021-09-06T19:02:00.820124-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:02:00.980282-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636180lYv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636180,
"ParentPID": 8912948,
"Thread": 44826765,
"EventTime": "2021-09-06T19:03:38.405341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:03:38.646201-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8912956,
"ParentPID": 8192046,
"Thread": 46727269,
"EventTime": "2021-09-06T19:03:38.419940-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:03:38.647015-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8912956,
"ParentPID": 8192046,
"Thread": 46727269,
"EventTime": "2021-09-06T19:03:38.429615-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:03:38.647740-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636204mIv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636204,
"ParentPID": 8912958,
"Thread": 44826789,
"EventTime": "2021-09-06T19:03:38.519973-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:03:38.648451-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912960,
"ParentPID": 6684890,
"Thread": 45678715,
"EventTime": "2021-09-06T19:05:00.476375-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:05:00.653954-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8912960,
"ParentPID": 6684890,
"Thread": 45678715,
"EventTime": "2021-09-06T19:05:00.476375-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:05:00.654778-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 18:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8912960,
"ParentPID": 6684890,
"Thread": 45678715,
"EventTime": "2021-09-06T19:05:00.476375-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:05:00.655525-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8912960,
"ParentPID": 6684890,
"Thread": 45678715,
"EventTime": "2021-09-06T19:05:00.476375-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:05:00.656243-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912962,
"ParentPID": 5439688,
"Thread": 44957907,
"EventTime": "2021-09-06T19:05:20.472340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:05:20.499242-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh5636206.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 5636206,
"ParentPID": 8912962,
"Thread": 33357859,
"EventTime": "2021-09-06T19:05:20.607556-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:05:20.803020-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.5636206",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961490,
"ParentPID": 5636206,
"Thread": 47775769,
"EventTime": "2021-09-06T19:05:20.632340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:05:20.803848-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961490,
"ParentPID": 5636206,
"Thread": 47775769,
"EventTime": "2021-09-06T19:05:20.642340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:05:20.804587-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961494aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961494,
"ParentPID": 5636206,
"Thread": 47775773,
"EventTime": "2021-09-06T19:05:20.652341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:05:20.805293-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961494aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961494,
"ParentPID": 5636206,
"Thread": 47775773,
"EventTime": "2021-09-06T19:05:20.652341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:05:20.805967-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961494aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961494,
"ParentPID": 5636206,
"Thread": 47775773,
"EventTime": "2021-09-06T19:05:20.659799-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:05:20.806626-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.5636206/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961500,
"ParentPID": 5636206,
"Thread": 47775779,
"EventTime": "2021-09-06T19:05:20.670850-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:05:20.807283-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.5636206",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961502,
"ParentPID": 5636206,
"Thread": 47775781,
"EventTime": "2021-09-06T19:05:20.672340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:05:20.807929-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 5636208,
"ParentPID": 8912962,
"Thread": 33357861,
"EventTime": "2021-09-06T19:05:20.672340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:05:20.808571-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636208,
"ParentPID": 8912962,
"Thread": 33357861,
"EventTime": "2021-09-06T19:05:20.672340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:05:20.809222-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912964,
"ParentPID": 5439688,
"Thread": 45678729,
"EventTime": "2021-09-06T19:08:12.770208-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:12.967244-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912966,
"ParentPID": 5439688,
"Thread": 45678731,
"EventTime": "2021-09-06T19:08:13.411969-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:13.574884-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh5636210.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 5636210,
"ParentPID": 8912966,
"Thread": 33357863,
"EventTime": "2021-09-06T19:08:13.546369-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:13.575638-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.5636210",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961518,
"ParentPID": 5636210,
"Thread": 47775797,
"EventTime": "2021-09-06T19:08:13.576341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:13.877183-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961518,
"ParentPID": 5636210,
"Thread": 47775797,
"EventTime": "2021-09-06T19:08:13.586366-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:13.877940-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961522aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961522,
"ParentPID": 5636210,
"Thread": 47775801,
"EventTime": "2021-09-06T19:08:13.595628-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:13.878618-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961522aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961522,
"ParentPID": 5636210,
"Thread": 47775801,
"EventTime": "2021-09-06T19:08:13.596340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:13.879277-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961522aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961522,
"ParentPID": 5636210,
"Thread": 47775801,
"EventTime": "2021-09-06T19:08:13.596340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:13.879928-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.5636210/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961524,
"ParentPID": 5636210,
"Thread": 47775803,
"EventTime": "2021-09-06T19:08:13.606340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:13.880573-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.5636210",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961526,
"ParentPID": 5636210,
"Thread": 47775805,
"EventTime": "2021-09-06T19:08:13.612325-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:13.881217-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 5636212,
"ParentPID": 8912966,
"Thread": 33357865,
"EventTime": "2021-09-06T19:08:13.612325-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:13.881862-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636212,
"ParentPID": 8912966,
"Thread": 33357865,
"EventTime": "2021-09-06T19:08:13.612325-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:13.882507-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8912968,
"ParentPID": 5439688,
"Thread": 45678733,
"EventTime": "2021-09-06T19:08:14.236340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.485867-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636214,
"ParentPID": 5439688,
"Thread": 33357867,
"EventTime": "2021-09-06T19:08:14.294186-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.486859-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9961528.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9961528,
"ParentPID": 8912968,
"Thread": 47775807,
"EventTime": "2021-09-06T19:08:14.371174-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.487701-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9961528",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551384,
"ParentPID": 9961528,
"Thread": 33030157,
"EventTime": "2021-09-06T19:08:14.396482-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.488474-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551384,
"ParentPID": 9961528,
"Thread": 33030157,
"EventTime": "2021-09-06T19:08:14.407795-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.489213-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551388aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551388,
"ParentPID": 9961528,
"Thread": 33030161,
"EventTime": "2021-09-06T19:08:14.426340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.489956-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10158236.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10158236,
"ParentPID": 5636214,
"Thread": 47972563,
"EventTime": "2021-09-06T19:08:14.426340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.490650-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551388aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551388,
"ParentPID": 9961528,
"Thread": 33030161,
"EventTime": "2021-09-06T19:08:14.426340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.491355-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551388aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551388,
"ParentPID": 9961528,
"Thread": 33030161,
"EventTime": "2021-09-06T19:08:14.436340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.492062-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.08192052",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10289338,
"ParentPID": 8192052,
"Thread": 34013231,
"EventTime": "2021-09-06T19:08:14.449186-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.492600-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10158236",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9830520,
"ParentPID": 10158236,
"Thread": 42926239,
"EventTime": "2021-09-06T19:08:14.471198-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.493304-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9830520,
"ParentPID": 10158236,
"Thread": 42926239,
"EventTime": "2021-09-06T19:08:14.476340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.493990-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9961528/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9437344,
"ParentPID": 9961528,
"Thread": 31653897,
"EventTime": "2021-09-06T19:08:14.484409-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.797481-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830524aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830524,
"ParentPID": 10158236,
"Thread": 42926243,
"EventTime": "2021-09-06T19:08:14.486340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.798295-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830524aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830524,
"ParentPID": 10158236,
"Thread": 42926243,
"EventTime": "2021-09-06T19:08:14.486340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.799018-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830524aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830524,
"ParentPID": 10158236,
"Thread": 42926243,
"EventTime": "2021-09-06T19:08:14.494416-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.799729-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9961528",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9437346,
"ParentPID": 9961528,
"Thread": 31653899,
"EventTime": "2021-09-06T19:08:14.496341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.800396-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9961530,
"ParentPID": 8912968,
"Thread": 47775809,
"EventTime": "2021-09-06T19:08:14.500575-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.801050-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961530,
"ParentPID": 8912968,
"Thread": 47775809,
"EventTime": "2021-09-06T19:08:14.500575-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.801711-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10158236/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9044206,
"ParentPID": 10158236,
"Thread": 45154533,
"EventTime": "2021-09-06T19:08:14.504419-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.802392-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10158236",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9044208,
"ParentPID": 10158236,
"Thread": 45154535,
"EventTime": "2021-09-06T19:08:14.506341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.803158-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10158238,
"ParentPID": 5636214,
"Thread": 47972565,
"EventTime": "2021-09-06T19:08:14.506341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.803811-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10158238,
"ParentPID": 5636214,
"Thread": 47972565,
"EventTime": "2021-09-06T19:08:14.506341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:14.804458-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636216,
"ParentPID": 5439688,
"Thread": 31653901,
"EventTime": "2021-09-06T19:08:26.186463-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:26.237221-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636218,
"ParentPID": 5439688,
"Thread": 31653903,
"EventTime": "2021-09-06T19:08:27.576340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:27.741389-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636220,
"ParentPID": 5439688,
"Thread": 31653905,
"EventTime": "2021-09-06T19:08:28.955340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:29.254610-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636222,
"ParentPID": 5439688,
"Thread": 31653907,
"EventTime": "2021-09-06T19:08:30.336780-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:30.457976-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10158240.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10158240,
"ParentPID": 5636222,
"Thread": 34013241,
"EventTime": "2021-09-06T19:08:30.467126-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:30.766177-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10158240",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 8912984,
"ParentPID": 10158240,
"Thread": 42926259,
"EventTime": "2021-09-06T19:08:30.497136-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:30.766998-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 8912984,
"ParentPID": 10158240,
"Thread": 42926259,
"EventTime": "2021-09-06T19:08:30.507139-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:30.767739-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8912988aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8912988,
"ParentPID": 10158240,
"Thread": 42926263,
"EventTime": "2021-09-06T19:08:30.517142-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:30.768449-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8912988aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8912988,
"ParentPID": 10158240,
"Thread": 42926263,
"EventTime": "2021-09-06T19:08:30.517142-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:30.769119-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8912988aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8912988,
"ParentPID": 10158240,
"Thread": 42926263,
"EventTime": "2021-09-06T19:08:30.517142-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:30.769774-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10158240/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 8912994,
"ParentPID": 10158240,
"Thread": 42926269,
"EventTime": "2021-09-06T19:08:30.527755-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:30.770428-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10158240",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 8912996,
"ParentPID": 10158240,
"Thread": 42926271,
"EventTime": "2021-09-06T19:08:30.535341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:30.771076-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10158242,
"ParentPID": 5636222,
"Thread": 34013243,
"EventTime": "2021-09-06T19:08:30.537149-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:30.771719-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10158242,
"ParentPID": 5636222,
"Thread": 34013243,
"EventTime": "2021-09-06T19:08:30.537149-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:30.772359-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636224,
"ParentPID": 5439688,
"Thread": 31653909,
"EventTime": "2021-09-06T19:08:31.800653-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:31.977839-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10158244.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10158244,
"ParentPID": 5636224,
"Thread": 34013245,
"EventTime": "2021-09-06T19:08:31.931001-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:31.978608-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10158244",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 8913012,
"ParentPID": 10158244,
"Thread": 42926287,
"EventTime": "2021-09-06T19:08:31.961011-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:31.979340-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 8913012,
"ParentPID": 10158244,
"Thread": 42926287,
"EventTime": "2021-09-06T19:08:31.965340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:31.980046-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8913016aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8913016,
"ParentPID": 10158244,
"Thread": 42926291,
"EventTime": "2021-09-06T19:08:31.975356-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:32.282698-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8913016aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8913016,
"ParentPID": 10158244,
"Thread": 42926291,
"EventTime": "2021-09-06T19:08:31.981017-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:32.283470-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8913016aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8913016,
"ParentPID": 10158244,
"Thread": 42926291,
"EventTime": "2021-09-06T19:08:31.985340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:32.284197-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10158244/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 8913022,
"ParentPID": 10158244,
"Thread": 42926297,
"EventTime": "2021-09-06T19:08:31.995340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:32.284907-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10158244",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 8913024,
"ParentPID": 10158244,
"Thread": 42926299,
"EventTime": "2021-09-06T19:08:31.995340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:32.285615-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10158246,
"ParentPID": 5636224,
"Thread": 34013247,
"EventTime": "2021-09-06T19:08:32.001024-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:32.286296-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10158246,
"ParentPID": 5636224,
"Thread": 34013247,
"EventTime": "2021-09-06T19:08:32.001024-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:32.286999-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636226,
"ParentPID": 5439688,
"Thread": 31653911,
"EventTime": "2021-09-06T19:08:33.255340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:08:33.495334-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636228,
"ParentPID": 6684890,
"Thread": 37617719,
"EventTime": "2021-09-06T19:10:00.487401-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:10:00.655620-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636228,
"ParentPID": 6684890,
"Thread": 37617719,
"EventTime": "2021-09-06T19:10:00.487401-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:10:00.656436-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 18:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636228,
"ParentPID": 6684890,
"Thread": 37617719,
"EventTime": "2021-09-06T19:10:00.487401-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:10:00.657180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636228,
"ParentPID": 6684890,
"Thread": 37617719,
"EventTime": "2021-09-06T19:10:00.487401-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:10:00.657908-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636230,
"ParentPID": 6684890,
"Thread": 47972571,
"EventTime": "2021-09-06T19:15:00.496789-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:15:00.547710-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636230,
"ParentPID": 6684890,
"Thread": 47972571,
"EventTime": "2021-09-06T19:15:00.496789-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:15:00.548542-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 18:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636230,
"ParentPID": 6684890,
"Thread": 47972571,
"EventTime": "2021-09-06T19:15:00.496789-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:15:00.549284-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636230,
"ParentPID": 6684890,
"Thread": 47972571,
"EventTime": "2021-09-06T19:15:00.500655-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:15:00.550012-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008913046gI9aaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8913046,
"ParentPID": 10158256,
"Thread": 42860603,
"EventTime": "2021-09-06T19:18:38.645340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:18:38.703621-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10158264,
"ParentPID": 5636232,
"Thread": 38600885,
"EventTime": "2021-09-06T19:18:38.665341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:18:38.704387-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10158264,
"ParentPID": 5636232,
"Thread": 38600885,
"EventTime": "2021-09-06T19:18:38.670971-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:18:38.705109-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008913070h39aaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8913070,
"ParentPID": 10158266,
"Thread": 42860627,
"EventTime": "2021-09-06T19:18:38.770555-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:18:39.006177-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636234,
"ParentPID": 6684890,
"Thread": 42664137,
"EventTime": "2021-09-06T19:20:00.507205-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:20:00.722580-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636234,
"ParentPID": 6684890,
"Thread": 42664137,
"EventTime": "2021-09-06T19:20:00.507205-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:20:00.723409-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 18:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636234,
"ParentPID": 6684890,
"Thread": 42664137,
"EventTime": "2021-09-06T19:20:00.507205-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:20:00.724157-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636234,
"ParentPID": 6684890,
"Thread": 42664137,
"EventTime": "2021-09-06T19:20:00.507205-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:20:00.724891-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636236,
"ParentPID": 6684890,
"Thread": 48169011,
"EventTime": "2021-09-06T19:25:00.518863-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:25:00.651852-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636236,
"ParentPID": 6684890,
"Thread": 48169011,
"EventTime": "2021-09-06T19:25:00.518863-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:25:00.652634-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 18:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636236,
"ParentPID": 6684890,
"Thread": 48169011,
"EventTime": "2021-09-06T19:25:00.518863-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:25:00.653445-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636236,
"ParentPID": 6684890,
"Thread": 48169011,
"EventTime": "2021-09-06T19:25:00.518863-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:25:00.654166-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10158268",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8913072,
"ParentPID": 10158268,
"Thread": 47775819,
"EventTime": "2021-09-06T19:25:00.528866-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:25:00.654675-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636238,
"ParentPID": 6684890,
"Thread": 42664151,
"EventTime": "2021-09-06T19:30:00.537265-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:30:00.547586-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636238,
"ParentPID": 6684890,
"Thread": 42664151,
"EventTime": "2021-09-06T19:30:00.537265-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:30:00.548356-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 18:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636238,
"ParentPID": 6684890,
"Thread": 42664151,
"EventTime": "2021-09-06T19:30:00.537265-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:30:00.549105-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636238,
"ParentPID": 6684890,
"Thread": 42664151,
"EventTime": "2021-09-06T19:30:00.544011-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:30:00.549836-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-06T19:33:12.844627-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:33:13.142785-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008913094b39aaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8913094,
"ParentPID": 10158278,
"Thread": 33357895,
"EventTime": "2021-09-06T19:33:38.894343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:33:39.001455-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10158286,
"ParentPID": 5636242,
"Thread": 41156637,
"EventTime": "2021-09-06T19:33:38.906362-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:33:39.002227-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10158286,
"ParentPID": 5636242,
"Thread": 41156637,
"EventTime": "2021-09-06T19:33:38.916365-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:33:39.002959-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009437388ciAaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9437388,
"ParentPID": 9043984,
"Thread": 38928553,
"EventTime": "2021-09-06T19:33:39.006398-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:33:39.304788-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636244,
"ParentPID": 6684890,
"Thread": 36241549,
"EventTime": "2021-09-06T19:35:00.552751-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:35:00.730598-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636244,
"ParentPID": 6684890,
"Thread": 36241549,
"EventTime": "2021-09-06T19:35:00.552751-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:35:00.731373-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 18:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636244,
"ParentPID": 6684890,
"Thread": 36241549,
"EventTime": "2021-09-06T19:35:00.552751-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:35:00.732123-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636244,
"ParentPID": 6684890,
"Thread": 36241549,
"EventTime": "2021-09-06T19:35:00.552751-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:35:00.732935-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636246,
"ParentPID": 5439688,
"Thread": 47186137,
"EventTime": "2021-09-06T19:35:04.973947-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:35:05.246947-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9830532.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9830532,
"ParentPID": 5636246,
"Thread": 20906131,
"EventTime": "2021-09-06T19:35:05.104271-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:35:05.247720-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9830532",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10289388,
"ParentPID": 9830532,
"Thread": 50790619,
"EventTime": "2021-09-06T19:35:05.134283-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:35:05.248450-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10289388,
"ParentPID": 9830532,
"Thread": 50790619,
"EventTime": "2021-09-06T19:35:05.144323-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:35:05.249172-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289392aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289392,
"ParentPID": 9830532,
"Thread": 50790623,
"EventTime": "2021-09-06T19:35:05.154327-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:35:05.249856-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289392aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289392,
"ParentPID": 9830532,
"Thread": 50790623,
"EventTime": "2021-09-06T19:35:05.154327-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:35:05.250517-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289392aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289392,
"ParentPID": 9830532,
"Thread": 50790623,
"EventTime": "2021-09-06T19:35:05.154327-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:35:05.251165-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9830532/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10289398,
"ParentPID": 9830532,
"Thread": 50790629,
"EventTime": "2021-09-06T19:35:05.164330-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:35:05.251859-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9830532",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10289400,
"ParentPID": 9830532,
"Thread": 50790631,
"EventTime": "2021-09-06T19:35:05.171368-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:35:05.252569-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9830534,
"ParentPID": 5636246,
"Thread": 20906133,
"EventTime": "2021-09-06T19:35:05.174333-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:35:05.253232-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830534,
"ParentPID": 5636246,
"Thread": 20906133,
"EventTime": "2021-09-06T19:35:05.174333-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:35:05.253880-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636248,
"ParentPID": 5439688,
"Thread": 36241565,
"EventTime": "2021-09-06T19:39:31.553874-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:39:31.775360-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636250,
"ParentPID": 6684890,
"Thread": 36241567,
"EventTime": "2021-09-06T19:40:00.561342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:40:00.645736-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636250,
"ParentPID": 6684890,
"Thread": 36241567,
"EventTime": "2021-09-06T19:40:00.561342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:40:00.646564-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 18:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636250,
"ParentPID": 6684890,
"Thread": 36241567,
"EventTime": "2021-09-06T19:40:00.564668-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:40:00.647319-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636250,
"ParentPID": 6684890,
"Thread": 36241567,
"EventTime": "2021-09-06T19:40:00.564668-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:40:00.648048-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636252,
"ParentPID": 6684890,
"Thread": 36241579,
"EventTime": "2021-09-06T19:45:00.572122-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:45:00.642183-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636252,
"ParentPID": 6684890,
"Thread": 36241579,
"EventTime": "2021-09-06T19:45:00.572122-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:45:00.643024-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 18:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636252,
"ParentPID": 6684890,
"Thread": 36241579,
"EventTime": "2021-09-06T19:45:00.572122-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:45:00.643768-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636252,
"ParentPID": 6684890,
"Thread": 36241579,
"EventTime": "2021-09-06T19:45:00.575944-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:45:00.644499-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289166YiDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289166,
"ParentPID": 9830544,
"Thread": 46727339,
"EventTime": "2021-09-06T19:48:39.131847-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:48:39.423226-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9830552,
"ParentPID": 5636254,
"Thread": 42664181,
"EventTime": "2021-09-06T19:48:39.144341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:48:39.424051-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9830552,
"ParentPID": 5636254,
"Thread": 42664181,
"EventTime": "2021-09-06T19:48:39.154341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:48:39.424818-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289190YUDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289190,
"ParentPID": 9830554,
"Thread": 46727363,
"EventTime": "2021-09-06T19:48:39.251931-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:48:39.425591-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636256,
"ParentPID": 6684890,
"Thread": 46137455,
"EventTime": "2021-09-06T19:50:00.581341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:50:00.869973-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636256,
"ParentPID": 6684890,
"Thread": 46137455,
"EventTime": "2021-09-06T19:50:00.581341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:50:00.870752-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 18:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636256,
"ParentPID": 6684890,
"Thread": 46137455,
"EventTime": "2021-09-06T19:50:00.585299-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:50:00.871529-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636256,
"ParentPID": 6684890,
"Thread": 46137455,
"EventTime": "2021-09-06T19:50:00.585299-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:50:00.872277-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636258,
"ParentPID": 6684890,
"Thread": 43646977,
"EventTime": "2021-09-06T19:55:00.591341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:55:00.782237-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636258,
"ParentPID": 6684890,
"Thread": 43646977,
"EventTime": "2021-09-06T19:55:00.591341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:55:00.783059-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 18:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636258,
"ParentPID": 6684890,
"Thread": 43646977,
"EventTime": "2021-09-06T19:55:00.595497-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:55:00.783800-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636258,
"ParentPID": 6684890,
"Thread": 43646977,
"EventTime": "2021-09-06T19:55:00.595497-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T19:55:00.784532-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636260,
"ParentPID": 6684890,
"Thread": 43646993,
"EventTime": "2021-09-06T20:00:00.601340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:00:00.645550-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636260,
"ParentPID": 6684890,
"Thread": 43646993,
"EventTime": "2021-09-06T20:00:00.601340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:00:00.646387-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 19:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636260,
"ParentPID": 6684890,
"Thread": 43646993,
"EventTime": "2021-09-06T20:00:00.601340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:00:00.647139-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636260,
"ParentPID": 6684890,
"Thread": 43646993,
"EventTime": "2021-09-06T20:00:00.605568-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:00:00.647883-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192066,
"ParentPID": 5439688,
"Thread": 44761139,
"EventTime": "2021-09-06T20:01:30.286617-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:01:30.501620-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192068,
"ParentPID": 5439688,
"Thread": 44761141,
"EventTime": "2021-09-06T20:01:30.567384-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:01:30.803503-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192070,
"ParentPID": 5439688,
"Thread": 44761143,
"EventTime": "2021-09-06T20:01:35.891494-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:01:35.932468-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192072,
"ParentPID": 5439688,
"Thread": 44761145,
"EventTime": "2021-09-06T20:01:36.984753-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:01:37.136054-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192074,
"ParentPID": 5439688,
"Thread": 44761147,
"EventTime": "2021-09-06T20:01:37.256525-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:01:37.437337-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192076,
"ParentPID": 5439688,
"Thread": 35913781,
"EventTime": "2021-09-06T20:01:47.407340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:01:47.672090-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.08192078",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 5636264,
"ParentPID": 8192078,
"Thread": 35651765,
"EventTime": "2021-09-06T20:01:47.418699-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:01:47.672673-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192080,
"ParentPID": 5439688,
"Thread": 35913785,
"EventTime": "2021-09-06T20:01:47.674455-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:01:47.975107-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192082,
"ParentPID": 5439688,
"Thread": 35913787,
"EventTime": "2021-09-06T20:01:47.937694-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:01:47.975931-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192084,
"ParentPID": 5439688,
"Thread": 35913789,
"EventTime": "2021-09-06T20:01:48.197340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:01:48.276866-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192086,
"ParentPID": 5439688,
"Thread": 35913791,
"EventTime": "2021-09-06T20:01:48.457340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:01:48.578071-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551418SiEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551418,
"ParentPID": 5636274,
"Thread": 38469681,
"EventTime": "2021-09-06T20:03:39.333678-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:03:39.471965-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636282,
"ParentPID": 8192090,
"Thread": 33423409,
"EventTime": "2021-09-06T20:03:39.343680-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:03:39.472548-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636282,
"ParentPID": 8192090,
"Thread": 33423409,
"EventTime": "2021-09-06T20:03:39.343680-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:03:39.473022-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551442TeEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551442,
"ParentPID": 5636284,
"Thread": 38469705,
"EventTime": "2021-09-06T20:03:39.403693-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:03:39.473546-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192092,
"ParentPID": 6684890,
"Thread": 43647005,
"EventTime": "2021-09-06T20:05:00.610651-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:05:00.864305-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192092,
"ParentPID": 6684890,
"Thread": 43647005,
"EventTime": "2021-09-06T20:05:00.610651-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:05:00.864830-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 19:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192092,
"ParentPID": 6684890,
"Thread": 43647005,
"EventTime": "2021-09-06T20:05:00.610651-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:05:00.865303-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192092,
"ParentPID": 6684890,
"Thread": 43647005,
"EventTime": "2021-09-06T20:05:00.611339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:05:00.865758-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192094,
"ParentPID": 5439688,
"Thread": 35913801,
"EventTime": "2021-09-06T20:05:06.550705-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:05:06.590921-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh5636286.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 5636286,
"ParentPID": 8192094,
"Thread": 30736455,
"EventTime": "2021-09-06T20:05:06.680917-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:05:06.891765-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.5636286",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551458,
"ParentPID": 5636286,
"Thread": 32571545,
"EventTime": "2021-09-06T20:05:06.700936-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:05:06.892281-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551458,
"ParentPID": 5636286,
"Thread": 32571545,
"EventTime": "2021-09-06T20:05:06.700936-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:05:06.892738-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551462aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551462,
"ParentPID": 5636286,
"Thread": 32571549,
"EventTime": "2021-09-06T20:05:06.710938-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:05:06.893187-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551462aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551462,
"ParentPID": 5636286,
"Thread": 32571549,
"EventTime": "2021-09-06T20:05:06.711531-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:05:06.893610-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551462aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551462,
"ParentPID": 5636286,
"Thread": 32571549,
"EventTime": "2021-09-06T20:05:06.711531-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:05:06.894019-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.5636286/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551464,
"ParentPID": 5636286,
"Thread": 32571551,
"EventTime": "2021-09-06T20:05:06.720357-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:05:06.894422-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.5636286",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551466,
"ParentPID": 5636286,
"Thread": 32571553,
"EventTime": "2021-09-06T20:05:06.720940-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:05:06.894826-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 5636288,
"ParentPID": 8192094,
"Thread": 30736457,
"EventTime": "2021-09-06T20:05:06.720940-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:05:06.895227-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636288,
"ParentPID": 8192094,
"Thread": 30736457,
"EventTime": "2021-09-06T20:05:06.720940-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:05:06.895624-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192104,
"ParentPID": 5439688,
"Thread": 34668699,
"EventTime": "2021-09-06T20:08:23.284340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:23.373892-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192106,
"ParentPID": 5439688,
"Thread": 34668701,
"EventTime": "2021-09-06T20:08:23.958018-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:23.975051-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh5636290.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 5636290,
"ParentPID": 8192106,
"Thread": 47579255,
"EventTime": "2021-09-06T20:08:24.084680-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.284910-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.5636290",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551482,
"ParentPID": 5636290,
"Thread": 36634755,
"EventTime": "2021-09-06T20:08:24.105249-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.285439-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551482,
"ParentPID": 5636290,
"Thread": 36634755,
"EventTime": "2021-09-06T20:08:24.114684-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.285907-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551486aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551486,
"ParentPID": 5636290,
"Thread": 36634759,
"EventTime": "2021-09-06T20:08:24.114684-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.286357-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551486aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551486,
"ParentPID": 5636290,
"Thread": 36634759,
"EventTime": "2021-09-06T20:08:24.124341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.286781-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551486aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551486,
"ParentPID": 5636290,
"Thread": 36634759,
"EventTime": "2021-09-06T20:08:24.124686-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.287191-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.5636290/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551488,
"ParentPID": 5636290,
"Thread": 36634761,
"EventTime": "2021-09-06T20:08:24.124686-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.287594-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.5636290",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551490,
"ParentPID": 5636290,
"Thread": 36634763,
"EventTime": "2021-09-06T20:08:24.124686-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.287999-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 5636292,
"ParentPID": 8192106,
"Thread": 47579257,
"EventTime": "2021-09-06T20:08:24.134844-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.288402-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636292,
"ParentPID": 8192106,
"Thread": 47579257,
"EventTime": "2021-09-06T20:08:24.134844-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.288801-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192108,
"ParentPID": 5439688,
"Thread": 34668703,
"EventTime": "2021-09-06T20:08:24.545443-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.594927-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh5636294.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 5636294,
"ParentPID": 8192108,
"Thread": 47579259,
"EventTime": "2021-09-06T20:08:24.665969-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.896661-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.5636294",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551506,
"ParentPID": 5636294,
"Thread": 36634779,
"EventTime": "2021-09-06T20:08:24.694339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.897176-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551506,
"ParentPID": 5636294,
"Thread": 36634779,
"EventTime": "2021-09-06T20:08:24.695693-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.897635-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551510aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551510,
"ParentPID": 5636294,
"Thread": 36634783,
"EventTime": "2021-09-06T20:08:24.704340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.898100-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551510aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551510,
"ParentPID": 5636294,
"Thread": 36634783,
"EventTime": "2021-09-06T20:08:24.705697-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.898538-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551510aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551510,
"ParentPID": 5636294,
"Thread": 36634783,
"EventTime": "2021-09-06T20:08:24.708055-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.898957-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.5636294/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551512,
"ParentPID": 5636294,
"Thread": 36634785,
"EventTime": "2021-09-06T20:08:24.714358-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.899374-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.5636294",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551514,
"ParentPID": 5636294,
"Thread": 36634787,
"EventTime": "2021-09-06T20:08:24.715699-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.899787-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 5636296,
"ParentPID": 8192108,
"Thread": 47579261,
"EventTime": "2021-09-06T20:08:24.715699-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.900200-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636296,
"ParentPID": 8192108,
"Thread": 47579261,
"EventTime": "2021-09-06T20:08:24.715699-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:24.900610-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192110,
"ParentPID": 5439688,
"Thread": 34668705,
"EventTime": "2021-09-06T20:08:25.988202-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:26.103576-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh5636298.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 5636298,
"ParentPID": 8192110,
"Thread": 47579263,
"EventTime": "2021-09-06T20:08:26.118451-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:26.404928-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.5636298",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551530,
"ParentPID": 5636298,
"Thread": 36634803,
"EventTime": "2021-09-06T20:08:26.138456-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:26.405448-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551530,
"ParentPID": 5636298,
"Thread": 36634803,
"EventTime": "2021-09-06T20:08:26.144361-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:26.405913-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551534aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551534,
"ParentPID": 5636298,
"Thread": 36634807,
"EventTime": "2021-09-06T20:08:26.148459-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:26.406371-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551534aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551534,
"ParentPID": 5636298,
"Thread": 36634807,
"EventTime": "2021-09-06T20:08:26.148459-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:26.406821-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551534aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551534,
"ParentPID": 5636298,
"Thread": 36634807,
"EventTime": "2021-09-06T20:08:26.153040-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:26.407241-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.5636298/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551536,
"ParentPID": 5636298,
"Thread": 36634809,
"EventTime": "2021-09-06T20:08:26.158461-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:26.407660-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.5636298",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551538,
"ParentPID": 5636298,
"Thread": 36634811,
"EventTime": "2021-09-06T20:08:26.158461-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:26.408076-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 5636300,
"ParentPID": 8192110,
"Thread": 47579265,
"EventTime": "2021-09-06T20:08:26.158461-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:26.408489-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636300,
"ParentPID": 8192110,
"Thread": 47579265,
"EventTime": "2021-09-06T20:08:26.158461-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:26.408901-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192112,
"ParentPID": 5439688,
"Thread": 34668707,
"EventTime": "2021-09-06T20:08:44.313477-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:44.443925-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192114,
"ParentPID": 5439688,
"Thread": 34668709,
"EventTime": "2021-09-06T20:08:45.686180-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:45.947304-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192116,
"ParentPID": 5439688,
"Thread": 34668711,
"EventTime": "2021-09-06T20:08:47.068920-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:47.159655-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192118,
"ParentPID": 5439688,
"Thread": 34668713,
"EventTime": "2021-09-06T20:08:48.453339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:48.667594-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh5636302.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 5636302,
"ParentPID": 8192118,
"Thread": 47579267,
"EventTime": "2021-09-06T20:08:48.583339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:48.668104-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09044066",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9830594,
"ParentPID": 9044066,
"Thread": 33423425,
"EventTime": "2021-09-06T20:08:48.593339-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:48.668443-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.5636302",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9044070,
"ParentPID": 5636302,
"Thread": 46071991,
"EventTime": "2021-09-06T20:08:48.611681-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:48.668895-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9044070,
"ParentPID": 5636302,
"Thread": 46071991,
"EventTime": "2021-09-06T20:08:48.615737-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:48.669317-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044074aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044074,
"ParentPID": 5636302,
"Thread": 46071995,
"EventTime": "2021-09-06T20:08:48.623339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:48.669726-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044074aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044074,
"ParentPID": 5636302,
"Thread": 46071995,
"EventTime": "2021-09-06T20:08:48.623339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:48.670129-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044074aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044074,
"ParentPID": 5636302,
"Thread": 46071995,
"EventTime": "2021-09-06T20:08:48.623339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:48.670533-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.5636302/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9044076,
"ParentPID": 5636302,
"Thread": 46071997,
"EventTime": "2021-09-06T20:08:48.631686-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:48.670937-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.5636302",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9044078,
"ParentPID": 5636302,
"Thread": 46071999,
"EventTime": "2021-09-06T20:08:48.633339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:48.671344-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 5636304,
"ParentPID": 8192118,
"Thread": 47579269,
"EventTime": "2021-09-06T20:08:48.633339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:48.671756-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636304,
"ParentPID": 8192118,
"Thread": 47579269,
"EventTime": "2021-09-06T20:08:48.633339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:48.672164-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192120,
"ParentPID": 5439688,
"Thread": 34668715,
"EventTime": "2021-09-06T20:08:49.884053-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:50.175122-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh5636306.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 5636306,
"ParentPID": 8192120,
"Thread": 47579271,
"EventTime": "2021-09-06T20:08:50.017752-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:50.175642-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.5636306",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9044094,
"ParentPID": 5636306,
"Thread": 46072015,
"EventTime": "2021-09-06T20:08:50.034301-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:50.176105-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9044094,
"ParentPID": 5636306,
"Thread": 46072015,
"EventTime": "2021-09-06T20:08:50.044319-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:50.176559-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044098aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044098,
"ParentPID": 5636306,
"Thread": 46072019,
"EventTime": "2021-09-06T20:08:50.048665-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:50.176985-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044098aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044098,
"ParentPID": 5636306,
"Thread": 46072019,
"EventTime": "2021-09-06T20:08:50.048665-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:50.177391-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044098aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044098,
"ParentPID": 5636306,
"Thread": 46072019,
"EventTime": "2021-09-06T20:08:50.048665-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:50.177793-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.5636306/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9044100,
"ParentPID": 5636306,
"Thread": 46072021,
"EventTime": "2021-09-06T20:08:50.054322-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:50.178195-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.5636306",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9044102,
"ParentPID": 5636306,
"Thread": 46072023,
"EventTime": "2021-09-06T20:08:50.054322-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:50.178594-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 5636308,
"ParentPID": 8192120,
"Thread": 47579273,
"EventTime": "2021-09-06T20:08:50.063340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:50.178992-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636308,
"ParentPID": 8192120,
"Thread": 47579273,
"EventTime": "2021-09-06T20:08:50.063340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:50.179390-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192122,
"ParentPID": 5439688,
"Thread": 34668717,
"EventTime": "2021-09-06T20:08:51.318411-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:08:51.387547-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192124,
"ParentPID": 6684890,
"Thread": 35651785,
"EventTime": "2021-09-06T20:10:00.611775-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:10:00.768187-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192124,
"ParentPID": 6684890,
"Thread": 35651785,
"EventTime": "2021-09-06T20:10:00.611775-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:10:00.768724-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 19:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192124,
"ParentPID": 6684890,
"Thread": 35651785,
"EventTime": "2021-09-06T20:10:00.611775-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:10:00.769208-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192124,
"ParentPID": 6684890,
"Thread": 35651785,
"EventTime": "2021-09-06T20:10:00.611775-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:10:00.769680-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192128,
"ParentPID": 5439688,
"Thread": 34668737,
"EventTime": "2021-09-06T20:14:05.054080-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:14:05.284759-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh5636310.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 5636310,
"ParentPID": 8192128,
"Thread": 46072025,
"EventTime": "2021-09-06T20:14:05.062339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:14:05.285278-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.5636310",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9044118,
"ParentPID": 5636310,
"Thread": 36634867,
"EventTime": "2021-09-06T20:14:05.084106-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:14:05.285739-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9044118,
"ParentPID": 5636310,
"Thread": 36634867,
"EventTime": "2021-09-06T20:14:05.084106-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:14:05.286189-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044122aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044122,
"ParentPID": 5636310,
"Thread": 36634871,
"EventTime": "2021-09-06T20:14:05.092339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:14:05.286611-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044122aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044122,
"ParentPID": 5636310,
"Thread": 36634871,
"EventTime": "2021-09-06T20:14:05.092339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:14:05.287015-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044122aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044122,
"ParentPID": 5636310,
"Thread": 36634871,
"EventTime": "2021-09-06T20:14:05.092339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:14:05.287416-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.5636310/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9044124,
"ParentPID": 5636310,
"Thread": 36634873,
"EventTime": "2021-09-06T20:14:05.102340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:14:05.287817-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.5636310",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9044126,
"ParentPID": 5636310,
"Thread": 36634875,
"EventTime": "2021-09-06T20:14:05.102340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:14:05.288213-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 5636312,
"ParentPID": 8192128,
"Thread": 46072027,
"EventTime": "2021-09-06T20:14:05.102340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:14:05.288608-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636312,
"ParentPID": 8192128,
"Thread": 46072027,
"EventTime": "2021-09-06T20:14:05.102340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:14:05.289006-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192130,
"ParentPID": 6684890,
"Thread": 29360187,
"EventTime": "2021-09-06T20:15:00.615265-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:15:00.876324-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192130,
"ParentPID": 6684890,
"Thread": 29360187,
"EventTime": "2021-09-06T20:15:00.615265-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:15:00.876846-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 19:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192130,
"ParentPID": 6684890,
"Thread": 29360187,
"EventTime": "2021-09-06T20:15:00.615265-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:15:00.877326-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192130,
"ParentPID": 6684890,
"Thread": 29360187,
"EventTime": "2021-09-06T20:15:00.615265-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:15:00.877788-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044150MI97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044150,
"ParentPID": 5636324,
"Thread": 44302543,
"EventTime": "2021-09-06T20:18:39.483353-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:18:39.541998-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636332,
"ParentPID": 8192132,
"Thread": 36765879,
"EventTime": "2021-09-06T20:18:39.493340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:18:39.542475-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636332,
"ParentPID": 8192132,
"Thread": 36765879,
"EventTime": "2021-09-06T20:18:39.497469-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:18:39.542929-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044174Nm97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044174,
"ParentPID": 5636334,
"Thread": 44302567,
"EventTime": "2021-09-06T20:18:39.557485-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:18:39.843868-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192134,
"ParentPID": 6684890,
"Thread": 42139695,
"EventTime": "2021-09-06T20:20:00.618322-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:20:00.628826-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192134,
"ParentPID": 6684890,
"Thread": 42139695,
"EventTime": "2021-09-06T20:20:00.618322-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:20:00.629318-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 19:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192134,
"ParentPID": 6684890,
"Thread": 42139695,
"EventTime": "2021-09-06T20:20:00.618322-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:20:00.629791-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192134,
"ParentPID": 6684890,
"Thread": 42139695,
"EventTime": "2021-09-06T20:20:00.620339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:20:00.630250-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192136,
"ParentPID": 6684890,
"Thread": 31457481,
"EventTime": "2021-09-06T20:25:00.621016-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:25:00.775559-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192136,
"ParentPID": 6684890,
"Thread": 31457481,
"EventTime": "2021-09-06T20:25:00.621016-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:25:00.776147-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 19:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192136,
"ParentPID": 6684890,
"Thread": 31457481,
"EventTime": "2021-09-06T20:25:00.621016-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:25:00.776647-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192136,
"ParentPID": 6684890,
"Thread": 31457481,
"EventTime": "2021-09-06T20:25:00.621016-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:25:00.777112-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192138,
"ParentPID": 6684890,
"Thread": 30081249,
"EventTime": "2021-09-06T20:30:00.622269-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:30:00.829117-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192138,
"ParentPID": 6684890,
"Thread": 30081249,
"EventTime": "2021-09-06T20:30:00.622269-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:30:00.829614-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 19:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192138,
"ParentPID": 6684890,
"Thread": 30081249,
"EventTime": "2021-09-06T20:30:00.622269-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:30:00.830094-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192138,
"ParentPID": 6684890,
"Thread": 30081249,
"EventTime": "2021-09-06T20:30:00.626368-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:30:00.830576-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-06T20:33:12.723639-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:33:12.789774-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044196GQ97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044196,
"ParentPID": 5636344,
"Thread": 42991697,
"EventTime": "2021-09-06T20:33:39.632356-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:33:39.836667-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.05636346",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9830622,
"ParentPID": 5636346,
"Thread": 22937663,
"EventTime": "2021-09-06T20:33:39.642340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:33:39.837078-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9044204,
"ParentPID": 8192142,
"Thread": 42991705,
"EventTime": "2021-09-06T20:33:39.652340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:33:39.837549-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9044204,
"ParentPID": 8192142,
"Thread": 42991705,
"EventTime": "2021-09-06T20:33:39.655819-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:33:39.838017-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636114Hyv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636114,
"ParentPID": 9044206,
"Thread": 37748853,
"EventTime": "2021-09-06T20:33:39.715833-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:33:39.838459-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192144,
"ParentPID": 6684890,
"Thread": 30081261,
"EventTime": "2021-09-06T20:35:00.627398-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:35:00.916572-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192144,
"ParentPID": 6684890,
"Thread": 30081261,
"EventTime": "2021-09-06T20:35:00.627398-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:35:00.917094-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 19:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192144,
"ParentPID": 6684890,
"Thread": 30081261,
"EventTime": "2021-09-06T20:35:00.627398-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:35:00.917568-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192144,
"ParentPID": 6684890,
"Thread": 30081261,
"EventTime": "2021-09-06T20:35:00.627398-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:35:00.918033-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192146,
"ParentPID": 5439688,
"Thread": 30081263,
"EventTime": "2021-09-06T20:35:01.080339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:35:01.218892-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9044208.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9044208,
"ParentPID": 8192146,
"Thread": 23658501,
"EventTime": "2021-09-06T20:35:01.208393-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:35:01.219324-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9044208",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 5636130,
"ParentPID": 9044208,
"Thread": 37093425,
"EventTime": "2021-09-06T20:35:01.228398-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:35:01.520884-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 5636130,
"ParentPID": 9044208,
"Thread": 37093425,
"EventTime": "2021-09-06T20:35:01.230411-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:35:01.521330-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636134aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636134,
"ParentPID": 9044208,
"Thread": 37093429,
"EventTime": "2021-09-06T20:35:01.240340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:35:01.521777-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636134aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636134,
"ParentPID": 9044208,
"Thread": 37093429,
"EventTime": "2021-09-06T20:35:01.240340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:35:01.522188-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636134aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636134,
"ParentPID": 9044208,
"Thread": 37093429,
"EventTime": "2021-09-06T20:35:01.241926-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:35:01.522608-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9044208/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 5636140,
"ParentPID": 9044208,
"Thread": 37093435,
"EventTime": "2021-09-06T20:35:01.248403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:35:01.523013-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9044208",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 5636142,
"ParentPID": 9044208,
"Thread": 37093437,
"EventTime": "2021-09-06T20:35:01.250339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:35:01.523416-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9044210,
"ParentPID": 8192146,
"Thread": 23658503,
"EventTime": "2021-09-06T20:35:01.250339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:35:01.523816-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9044210,
"ParentPID": 8192146,
"Thread": 23658503,
"EventTime": "2021-09-06T20:35:01.250339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:35:01.524217-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192148,
"ParentPID": 5439688,
"Thread": 37683233,
"EventTime": "2021-09-06T20:38:46.330267-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:38:46.541739-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192150,
"ParentPID": 6684890,
"Thread": 27656333,
"EventTime": "2021-09-06T20:40:00.626595-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:40:00.751174-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192150,
"ParentPID": 6684890,
"Thread": 27656333,
"EventTime": "2021-09-06T20:40:00.626595-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:40:00.752004-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 19:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192150,
"ParentPID": 6684890,
"Thread": 27656333,
"EventTime": "2021-09-06T20:40:00.626595-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:40:00.752764-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192150,
"ParentPID": 6684890,
"Thread": 27656333,
"EventTime": "2021-09-06T20:40:00.626595-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:40:00.753493-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192152,
"ParentPID": 6684890,
"Thread": 27656345,
"EventTime": "2021-09-06T20:45:00.642695-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:45:00.673640-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192152,
"ParentPID": 6684890,
"Thread": 27656345,
"EventTime": "2021-09-06T20:45:00.642695-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:45:00.674481-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 19:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192152,
"ParentPID": 6684890,
"Thread": 27656345,
"EventTime": "2021-09-06T20:45:00.642695-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:45:00.675251-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192152,
"ParentPID": 6684890,
"Thread": 27656345,
"EventTime": "2021-09-06T20:45:00.642695-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:45:00.675986-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636164Buv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636164,
"ParentPID": 9044220,
"Thread": 27197653,
"EventTime": "2021-09-06T20:48:39.832340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:48:39.981963-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9043972,
"ParentPID": 8192154,
"Thread": 44761169,
"EventTime": "2021-09-06T20:48:39.852340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:48:39.982821-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9043972,
"ParentPID": 8192154,
"Thread": 44761169,
"EventTime": "2021-09-06T20:48:39.859339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:48:39.983644-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289268CeDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289268,
"ParentPID": 11534338,
"Thread": 46923937,
"EventTime": "2021-09-06T20:48:39.952340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:48:39.984374-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192156,
"ParentPID": 6684890,
"Thread": 30081027,
"EventTime": "2021-09-06T20:50:00.650237-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:50:00.814003-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192156,
"ParentPID": 6684890,
"Thread": 30081027,
"EventTime": "2021-09-06T20:50:00.650237-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:50:00.814783-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 19:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192156,
"ParentPID": 6684890,
"Thread": 30081027,
"EventTime": "2021-09-06T20:50:00.650237-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:50:00.815549-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192156,
"ParentPID": 6684890,
"Thread": 30081027,
"EventTime": "2021-09-06T20:50:00.650237-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:50:00.816272-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192158,
"ParentPID": 6684890,
"Thread": 35520577,
"EventTime": "2021-09-06T20:55:00.661613-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:55:00.759789-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192158,
"ParentPID": 6684890,
"Thread": 35520577,
"EventTime": "2021-09-06T20:55:00.661613-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:55:00.760620-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 19:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192158,
"ParentPID": 6684890,
"Thread": 35520577,
"EventTime": "2021-09-06T20:55:00.661613-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:55:00.761384-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192158,
"ParentPID": 6684890,
"Thread": 35520577,
"EventTime": "2021-09-06T20:55:00.661613-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T20:55:00.762118-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192160,
"ParentPID": 6684890,
"Thread": 35520593,
"EventTime": "2021-09-06T21:00:00.670501-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:00:00.692968-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192160,
"ParentPID": 6684890,
"Thread": 35520593,
"EventTime": "2021-09-06T21:00:00.670501-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:00:00.693747-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 20:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192160,
"ParentPID": 6684890,
"Thread": 35520593,
"EventTime": "2021-09-06T21:00:00.670501-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:00:00.694514-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192160,
"ParentPID": 6684890,
"Thread": 35520593,
"EventTime": "2021-09-06T21:00:00.670501-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:00:00.695243-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289272,
"ParentPID": 5439688,
"Thread": 46923955,
"EventTime": "2021-09-06T21:01:36.504742-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:01:36.530981-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289274,
"ParentPID": 5439688,
"Thread": 46923957,
"EventTime": "2021-09-06T21:01:36.766340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:01:36.836557-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289276,
"ParentPID": 5439688,
"Thread": 45416463,
"EventTime": "2021-09-06T21:01:42.059340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:01:42.260751-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289278,
"ParentPID": 5439688,
"Thread": 45416465,
"EventTime": "2021-09-06T21:01:43.183787-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:01:43.484116-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289280,
"ParentPID": 5439688,
"Thread": 45416467,
"EventTime": "2021-09-06T21:01:43.445340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:01:43.484940-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289282,
"ParentPID": 5439688,
"Thread": 45416469,
"EventTime": "2021-09-06T21:01:48.587687-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:01:48.607489-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289284,
"ParentPID": 5439688,
"Thread": 45416471,
"EventTime": "2021-09-06T21:01:53.665340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:01:53.712714-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289286,
"ParentPID": 5439688,
"Thread": 45416473,
"EventTime": "2021-09-06T21:01:53.925340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:01:54.014058-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289288,
"ParentPID": 5439688,
"Thread": 45416475,
"EventTime": "2021-09-06T21:01:54.235340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:01:54.316169-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289290,
"ParentPID": 5439688,
"Thread": 45416477,
"EventTime": "2021-09-06T21:01:54.495340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:01:54.618452-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00114689407eHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468940,
"ParentPID": 8192172,
"Thread": 46727169,
"EventTime": "2021-09-06T21:03:40.081340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:03:40.114018-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192180,
"ParentPID": 10289294,
"Thread": 44761189,
"EventTime": "2021-09-06T21:03:40.095593-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:03:40.114788-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192180,
"ParentPID": 10289294,
"Thread": 44761189,
"EventTime": "2021-09-06T21:03:40.105597-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:03:40.115531-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00114689647QHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468964,
"ParentPID": 8192182,
"Thread": 46727193,
"EventTime": "2021-09-06T21:03:40.201340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:03:40.417027-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192184,
"ParentPID": 6684890,
"Thread": 35520605,
"EventTime": "2021-09-06T21:05:00.679340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:05:00.975037-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192184,
"ParentPID": 6684890,
"Thread": 35520605,
"EventTime": "2021-09-06T21:05:00.679340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:05:00.975867-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 20:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192184,
"ParentPID": 6684890,
"Thread": 35520605,
"EventTime": "2021-09-06T21:05:00.679340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:05:00.976640-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192184,
"ParentPID": 6684890,
"Thread": 35520605,
"EventTime": "2021-09-06T21:05:00.679340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:05:00.977380-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11468966",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9043976,
"ParentPID": 11468966,
"Thread": 27656367,
"EventTime": "2021-09-06T21:05:00.699340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:05:00.977910-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192186,
"ParentPID": 5439688,
"Thread": 45416487,
"EventTime": "2021-09-06T21:05:11.498340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:05:11.513688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468968.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468968,
"ParentPID": 8192186,
"Thread": 30081043,
"EventTime": "2021-09-06T21:05:11.638375-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:05:11.819007-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468968",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9043992,
"ParentPID": 11468968,
"Thread": 27656383,
"EventTime": "2021-09-06T21:05:11.668340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:05:11.819845-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9043992,
"ParentPID": 11468968,
"Thread": 27656383,
"EventTime": "2021-09-06T21:05:11.668340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:05:11.820593-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9043996aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9043996,
"ParentPID": 11468968,
"Thread": 27656387,
"EventTime": "2021-09-06T21:05:11.678340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:05:11.821321-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9043996aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9043996,
"ParentPID": 11468968,
"Thread": 27656387,
"EventTime": "2021-09-06T21:05:11.687855-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:05:11.822017-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9043996aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9043996,
"ParentPID": 11468968,
"Thread": 27656387,
"EventTime": "2021-09-06T21:05:11.688342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:05:11.822688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468968/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9044002,
"ParentPID": 11468968,
"Thread": 27656393,
"EventTime": "2021-09-06T21:05:11.698340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:05:11.823343-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468968",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9044004,
"ParentPID": 11468968,
"Thread": 27656395,
"EventTime": "2021-09-06T21:05:11.698340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:05:11.823987-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468970,
"ParentPID": 8192186,
"Thread": 30081045,
"EventTime": "2021-09-06T21:05:11.698340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:05:11.824629-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468970,
"ParentPID": 8192186,
"Thread": 30081045,
"EventTime": "2021-09-06T21:05:11.698340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:05:11.825268-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192188,
"ParentPID": 5439688,
"Thread": 31457503,
"EventTime": "2021-09-06T21:08:27.760242-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:28.057328-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192190,
"ParentPID": 5439688,
"Thread": 31457505,
"EventTime": "2021-09-06T21:08:28.395525-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:28.663231-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468972.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468972,
"ParentPID": 8192190,
"Thread": 39256287,
"EventTime": "2021-09-06T21:08:28.532564-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:28.664077-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468972",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9044020,
"ParentPID": 11468972,
"Thread": 46727209,
"EventTime": "2021-09-06T21:08:28.572578-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:28.664823-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9044020,
"ParentPID": 11468972,
"Thread": 46727209,
"EventTime": "2021-09-06T21:08:28.572578-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:28.665577-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044024aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044024,
"ParentPID": 11468972,
"Thread": 46727213,
"EventTime": "2021-09-06T21:08:28.582586-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:28.666284-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044024aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044024,
"ParentPID": 11468972,
"Thread": 46727213,
"EventTime": "2021-09-06T21:08:28.582586-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:28.666958-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044024aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044024,
"ParentPID": 11468972,
"Thread": 46727213,
"EventTime": "2021-09-06T21:08:28.592588-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:28.667611-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468972/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9044030,
"ParentPID": 11468972,
"Thread": 46727219,
"EventTime": "2021-09-06T21:08:28.602591-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:28.668253-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468972",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9044032,
"ParentPID": 11468972,
"Thread": 46727221,
"EventTime": "2021-09-06T21:08:28.602591-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:28.668893-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468974,
"ParentPID": 8192190,
"Thread": 39256289,
"EventTime": "2021-09-06T21:08:28.606969-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:28.669530-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468974,
"ParentPID": 8192190,
"Thread": 39256289,
"EventTime": "2021-09-06T21:08:28.606969-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:28.670170-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192192,
"ParentPID": 5439688,
"Thread": 31457507,
"EventTime": "2021-09-06T21:08:29.013697-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:29.275139-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468976.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468976,
"ParentPID": 8192192,
"Thread": 39256291,
"EventTime": "2021-09-06T21:08:29.154081-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:29.275959-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468976",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9044048,
"ParentPID": 11468976,
"Thread": 46727237,
"EventTime": "2021-09-06T21:08:29.184092-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:29.276704-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9044048,
"ParentPID": 11468976,
"Thread": 46727237,
"EventTime": "2021-09-06T21:08:29.192379-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:29.277431-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044052aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044052,
"ParentPID": 11468976,
"Thread": 46727241,
"EventTime": "2021-09-06T21:08:29.197303-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:29.278135-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044052aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044052,
"ParentPID": 11468976,
"Thread": 46727241,
"EventTime": "2021-09-06T21:08:29.202526-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:29.278809-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044052aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044052,
"ParentPID": 11468976,
"Thread": 46727241,
"EventTime": "2021-09-06T21:08:29.204099-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:29.279459-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468976/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9044054,
"ParentPID": 11468976,
"Thread": 46727243,
"EventTime": "2021-09-06T21:08:29.214101-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:29.280102-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468976",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9044056,
"ParentPID": 11468976,
"Thread": 46727245,
"EventTime": "2021-09-06T21:08:29.214101-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:29.280737-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468978,
"ParentPID": 8192192,
"Thread": 39256293,
"EventTime": "2021-09-06T21:08:29.222341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:29.281380-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468978,
"ParentPID": 8192192,
"Thread": 39256293,
"EventTime": "2021-09-06T21:08:29.222341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:29.282018-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192194,
"ParentPID": 5439688,
"Thread": 31457509,
"EventTime": "2021-09-06T21:08:30.572982-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:30.792240-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468980.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468980,
"ParentPID": 8192194,
"Thread": 39256295,
"EventTime": "2021-09-06T21:08:30.717247-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:30.793065-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468980",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9044072,
"ParentPID": 11468980,
"Thread": 46727261,
"EventTime": "2021-09-06T21:08:30.751372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:30.793812-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9044072,
"ParentPID": 11468980,
"Thread": 46727261,
"EventTime": "2021-09-06T21:08:30.757262-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:30.794542-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044076aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044076,
"ParentPID": 11468980,
"Thread": 46727265,
"EventTime": "2021-09-06T21:08:30.767266-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:30.795246-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044076aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044076,
"ParentPID": 11468980,
"Thread": 46727265,
"EventTime": "2021-09-06T21:08:30.767266-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:30.795923-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044076aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044076,
"ParentPID": 11468980,
"Thread": 46727265,
"EventTime": "2021-09-06T21:08:30.768734-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:30.796576-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468980/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9044082,
"ParentPID": 11468980,
"Thread": 46727271,
"EventTime": "2021-09-06T21:08:30.777269-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:30.797218-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468980",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9044084,
"ParentPID": 11468980,
"Thread": 46727273,
"EventTime": "2021-09-06T21:08:30.781342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:30.797925-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468982,
"ParentPID": 8192194,
"Thread": 39256297,
"EventTime": "2021-09-06T21:08:30.787273-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:30.798565-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468982,
"ParentPID": 8192194,
"Thread": 39256297,
"EventTime": "2021-09-06T21:08:30.787273-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:30.799200-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192196,
"ParentPID": 5439688,
"Thread": 31457511,
"EventTime": "2021-09-06T21:08:42.521340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:42.534065-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192198,
"ParentPID": 5439688,
"Thread": 31457513,
"EventTime": "2021-09-06T21:08:43.905458-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:44.044883-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192200,
"ParentPID": 5439688,
"Thread": 31457515,
"EventTime": "2021-09-06T21:08:45.291340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:45.559120-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192202,
"ParentPID": 5439688,
"Thread": 31457517,
"EventTime": "2021-09-06T21:08:46.671340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:46.772233-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468984.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468984,
"ParentPID": 8192202,
"Thread": 39256299,
"EventTime": "2021-09-06T21:08:46.801657-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:47.082208-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468984",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9044100,
"ParentPID": 11468984,
"Thread": 46727289,
"EventTime": "2021-09-06T21:08:46.836528-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:47.083037-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9044100,
"ParentPID": 11468984,
"Thread": 46727289,
"EventTime": "2021-09-06T21:08:46.843223-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:47.083786-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044104aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044104,
"ParentPID": 11468984,
"Thread": 46727293,
"EventTime": "2021-09-06T21:08:46.851340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:47.084516-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044104aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044104,
"ParentPID": 11468984,
"Thread": 46727293,
"EventTime": "2021-09-06T21:08:46.851670-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:47.085223-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044104aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044104,
"ParentPID": 11468984,
"Thread": 46727293,
"EventTime": "2021-09-06T21:08:46.851670-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:47.085900-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468984/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9044110,
"ParentPID": 11468984,
"Thread": 46727299,
"EventTime": "2021-09-06T21:08:46.861673-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:47.086548-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468984",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9044112,
"ParentPID": 11468984,
"Thread": 46727301,
"EventTime": "2021-09-06T21:08:46.861673-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:47.087199-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468986,
"ParentPID": 8192202,
"Thread": 39256301,
"EventTime": "2021-09-06T21:08:46.871676-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:47.087837-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468986,
"ParentPID": 8192202,
"Thread": 39256301,
"EventTime": "2021-09-06T21:08:46.871676-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:47.088476-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192204,
"ParentPID": 5439688,
"Thread": 31457519,
"EventTime": "2021-09-06T21:08:48.165071-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:48.290488-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11468988",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9044114,
"ParentPID": 11468988,
"Thread": 46727303,
"EventTime": "2021-09-06T21:08:48.177789-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:48.291083-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468990.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468990,
"ParentPID": 8192204,
"Thread": 39256305,
"EventTime": "2021-09-06T21:08:48.305434-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:48.592183-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468990",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9044130,
"ParentPID": 11468990,
"Thread": 46727319,
"EventTime": "2021-09-06T21:08:48.339622-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:48.593007-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9044130,
"ParentPID": 11468990,
"Thread": 46727319,
"EventTime": "2021-09-06T21:08:48.345450-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:48.593752-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044134aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044134,
"ParentPID": 11468990,
"Thread": 46727323,
"EventTime": "2021-09-06T21:08:48.355453-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:48.594482-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044134aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044134,
"ParentPID": 11468990,
"Thread": 46727323,
"EventTime": "2021-09-06T21:08:48.355453-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:48.595188-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044134aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044134,
"ParentPID": 11468990,
"Thread": 46727323,
"EventTime": "2021-09-06T21:08:48.355453-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:48.595855-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468990/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9044136,
"ParentPID": 11468990,
"Thread": 46727325,
"EventTime": "2021-09-06T21:08:48.365456-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:48.596512-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468990",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9044138,
"ParentPID": 11468990,
"Thread": 46727327,
"EventTime": "2021-09-06T21:08:48.371340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:48.597155-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468992,
"ParentPID": 8192204,
"Thread": 39256307,
"EventTime": "2021-09-06T21:08:48.375461-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:48.597795-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468992,
"ParentPID": 8192204,
"Thread": 39256307,
"EventTime": "2021-09-06T21:08:48.375461-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:48.598434-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192206,
"ParentPID": 5439688,
"Thread": 31457521,
"EventTime": "2021-09-06T21:08:49.669003-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:08:49.810286-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192208,
"ParentPID": 6684890,
"Thread": 35520621,
"EventTime": "2021-09-06T21:10:00.703459-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:10:00.734412-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192208,
"ParentPID": 6684890,
"Thread": 35520621,
"EventTime": "2021-09-06T21:10:00.703459-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:10:00.735196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 20:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192208,
"ParentPID": 6684890,
"Thread": 35520621,
"EventTime": "2021-09-06T21:10:00.703459-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:10:00.735964-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192208,
"ParentPID": 6684890,
"Thread": 35520621,
"EventTime": "2021-09-06T21:10:00.703459-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:10:00.736697-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192210,
"ParentPID": 6684890,
"Thread": 40435805,
"EventTime": "2021-09-06T21:15:00.713021-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:15:00.904386-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192210,
"ParentPID": 6684890,
"Thread": 40435805,
"EventTime": "2021-09-06T21:15:00.713021-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:15:00.905218-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 20:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192210,
"ParentPID": 6684890,
"Thread": 40435805,
"EventTime": "2021-09-06T21:15:00.713021-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:15:00.905980-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192210,
"ParentPID": 6684890,
"Thread": 40435805,
"EventTime": "2021-09-06T21:15:00.713021-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:15:00.906718-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00090441601M97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044160,
"ParentPID": 11469002,
"Thread": 47644793,
"EventTime": "2021-09-06T21:18:40.321341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:18:40.586810-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11469010,
"ParentPID": 8192212,
"Thread": 47775851,
"EventTime": "2021-09-06T21:18:40.341340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:18:40.587659-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11469010,
"ParentPID": 8192212,
"Thread": 47775851,
"EventTime": "2021-09-06T21:18:40.351340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:18:40.588403-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00090441842797aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044184,
"ParentPID": 11469012,
"Thread": 47644817,
"EventTime": "2021-09-06T21:18:40.441340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:18:40.589138-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469014,
"ParentPID": 6684890,
"Thread": 36241611,
"EventTime": "2021-09-06T21:20:00.720956-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:20:00.822169-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469014,
"ParentPID": 6684890,
"Thread": 36241611,
"EventTime": "2021-09-06T21:20:00.720956-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:20:00.823032-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 20:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469014,
"ParentPID": 6684890,
"Thread": 36241611,
"EventTime": "2021-09-06T21:20:00.720956-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:20:00.823799-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469014,
"ParentPID": 6684890,
"Thread": 36241611,
"EventTime": "2021-09-06T21:20:00.720956-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:20:00.824537-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469016,
"ParentPID": 6684890,
"Thread": 35520637,
"EventTime": "2021-09-06T21:25:00.732247-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:25:01.012604-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469016,
"ParentPID": 6684890,
"Thread": 35520637,
"EventTime": "2021-09-06T21:25:00.732247-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:25:01.013388-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 20:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469016,
"ParentPID": 6684890,
"Thread": 35520637,
"EventTime": "2021-09-06T21:25:00.732247-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:25:01.014152-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469016,
"ParentPID": 6684890,
"Thread": 35520637,
"EventTime": "2021-09-06T21:25:00.736439-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:25:01.015043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469018,
"ParentPID": 6684890,
"Thread": 38469719,
"EventTime": "2021-09-06T21:30:00.744279-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:30:00.854992-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469018,
"ParentPID": 6684890,
"Thread": 38469719,
"EventTime": "2021-09-06T21:30:00.744279-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:30:00.855776-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 20:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469018,
"ParentPID": 6684890,
"Thread": 38469719,
"EventTime": "2021-09-06T21:30:00.744279-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:30:00.856548-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469018,
"ParentPID": 6684890,
"Thread": 38469719,
"EventTime": "2021-09-06T21:30:00.744279-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:30:00.857283-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-06T21:33:12.595533-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:33:12.833600-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289342v7Dqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289342,
"ParentPID": 9044194,
"Thread": 36241645,
"EventTime": "2021-09-06T21:33:40.570340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:33:40.813313-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9044202,
"ParentPID": 11469022,
"Thread": 30670971,
"EventTime": "2021-09-06T21:33:40.582081-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:33:40.814133-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9044202,
"ParentPID": 11469022,
"Thread": 30670971,
"EventTime": "2021-09-06T21:33:40.592084-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:33:40.814874-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289366wmDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289366,
"ParentPID": 9044204,
"Thread": 36241413,
"EventTime": "2021-09-06T21:33:40.682115-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:33:40.815597-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469024,
"ParentPID": 6684890,
"Thread": 36634633,
"EventTime": "2021-09-06T21:35:00.745770-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:35:01.034136-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469024,
"ParentPID": 6684890,
"Thread": 36634633,
"EventTime": "2021-09-06T21:35:00.755774-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:35:01.034956-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 20:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469024,
"ParentPID": 6684890,
"Thread": 36634633,
"EventTime": "2021-09-06T21:35:00.755774-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:35:01.035715-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469024,
"ParentPID": 6684890,
"Thread": 36634633,
"EventTime": "2021-09-06T21:35:00.755774-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:35:01.036450-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11469026,
"ParentPID": 5439688,
"Thread": 40108177,
"EventTime": "2021-09-06T21:35:05.698987-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:35:05.850366-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9830440.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9830440,
"ParentPID": 11469026,
"Thread": 35913823,
"EventTime": "2021-09-06T21:35:05.890281-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:35:06.158211-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9830440",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 5636198,
"ParentPID": 9830440,
"Thread": 33423473,
"EventTime": "2021-09-06T21:35:05.929620-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:35:06.159044-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 5636198,
"ParentPID": 9830440,
"Thread": 33423473,
"EventTime": "2021-09-06T21:35:05.929620-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:35:06.159793-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636202aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636202,
"ParentPID": 9830440,
"Thread": 33423477,
"EventTime": "2021-09-06T21:35:05.939624-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:35:06.160527-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636202aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636202,
"ParentPID": 9830440,
"Thread": 33423477,
"EventTime": "2021-09-06T21:35:05.939624-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:35:06.161228-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636202aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636202,
"ParentPID": 9830440,
"Thread": 33423477,
"EventTime": "2021-09-06T21:35:05.947341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:35:06.161906-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9830440/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 5636208,
"ParentPID": 9830440,
"Thread": 33423483,
"EventTime": "2021-09-06T21:35:05.957340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:35:06.162565-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9830440",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 5636210,
"ParentPID": 9830440,
"Thread": 33423485,
"EventTime": "2021-09-06T21:35:05.959659-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:35:06.163212-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9830442,
"ParentPID": 11469026,
"Thread": 35913825,
"EventTime": "2021-09-06T21:35:05.959659-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:35:06.163856-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830442,
"ParentPID": 11469026,
"Thread": 35913825,
"EventTime": "2021-09-06T21:35:05.959659-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:35:06.164501-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11469028,
"ParentPID": 5439688,
"Thread": 42139743,
"EventTime": "2021-09-06T21:38:34.220340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:38:34.386179-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469030,
"ParentPID": 6684890,
"Thread": 41025789,
"EventTime": "2021-09-06T21:40:00.764509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:40:00.902073-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469030,
"ParentPID": 6684890,
"Thread": 41025789,
"EventTime": "2021-09-06T21:40:00.764509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:40:00.902904-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 20:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469030,
"ParentPID": 6684890,
"Thread": 41025789,
"EventTime": "2021-09-06T21:40:00.764509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:40:00.903669-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469030,
"ParentPID": 6684890,
"Thread": 41025789,
"EventTime": "2021-09-06T21:40:00.764509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:40:00.904392-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09830444",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 5636212,
"ParentPID": 9830444,
"Thread": 40239177,
"EventTime": "2021-09-06T21:40:00.777340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:40:00.904937-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469032,
"ParentPID": 6684890,
"Thread": 37093457,
"EventTime": "2021-09-06T21:45:00.787340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:45:00.805529-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469032,
"ParentPID": 6684890,
"Thread": 37093457,
"EventTime": "2021-09-06T21:45:00.787340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:45:00.806358-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 20:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469032,
"ParentPID": 6684890,
"Thread": 37093457,
"EventTime": "2021-09-06T21:45:00.787340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:45:00.807122-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469032,
"ParentPID": 6684890,
"Thread": 37093457,
"EventTime": "2021-09-06T21:45:00.787340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:45:00.807877-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636234qmv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636234,
"ParentPID": 9830454,
"Thread": 46923983,
"EventTime": "2021-09-06T21:48:40.810340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:48:41.090210-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9830462,
"ParentPID": 11469034,
"Thread": 39059475,
"EventTime": "2021-09-06T21:48:40.830340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:48:41.091271-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9830462,
"ParentPID": 11469034,
"Thread": 39059475,
"EventTime": "2021-09-06T21:48:40.836754-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:48:41.092066-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551520qYEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551520,
"ParentPID": 8192244,
"Thread": 44236949,
"EventTime": "2021-09-06T21:48:40.930341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:48:41.092798-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469036,
"ParentPID": 6684890,
"Thread": 42336397,
"EventTime": "2021-09-06T21:50:00.788829-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:50:01.002368-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469036,
"ParentPID": 6684890,
"Thread": 42336397,
"EventTime": "2021-09-06T21:50:00.788829-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:50:01.003205-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 20:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469036,
"ParentPID": 6684890,
"Thread": 42336397,
"EventTime": "2021-09-06T21:50:00.788829-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:50:01.003970-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469036,
"ParentPID": 6684890,
"Thread": 42336397,
"EventTime": "2021-09-06T21:50:00.798833-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:50:01.004699-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469038,
"ParentPID": 6684890,
"Thread": 36044891,
"EventTime": "2021-09-06T21:55:00.806373-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:55:00.858658-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469038,
"ParentPID": 6684890,
"Thread": 36044891,
"EventTime": "2021-09-06T21:55:00.806373-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:55:00.859501-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 20:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469038,
"ParentPID": 6684890,
"Thread": 36044891,
"EventTime": "2021-09-06T21:55:00.807812-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:55:00.860262-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469038,
"ParentPID": 6684890,
"Thread": 36044891,
"EventTime": "2021-09-06T21:55:00.807812-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T21:55:00.860993-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469040,
"ParentPID": 6684890,
"Thread": 35324071,
"EventTime": "2021-09-06T22:00:00.814626-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:00:01.060079-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469040,
"ParentPID": 6684890,
"Thread": 35324071,
"EventTime": "2021-09-06T22:00:00.814626-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:00:01.060854-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 21:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469040,
"ParentPID": 6684890,
"Thread": 35324071,
"EventTime": "2021-09-06T22:00:00.817342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:00:01.061607-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469040,
"ParentPID": 6684890,
"Thread": 35324071,
"EventTime": "2021-09-06T22:00:00.818011-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:00:01.062325-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551524,
"ParentPID": 5439688,
"Thread": 29622509,
"EventTime": "2021-09-06T22:01:38.304637-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:01:38.404927-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551526,
"ParentPID": 5439688,
"Thread": 29622511,
"EventTime": "2021-09-06T22:01:38.565063-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:01:38.705825-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551528,
"ParentPID": 5439688,
"Thread": 20840523,
"EventTime": "2021-09-06T22:01:43.771923-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:01:43.823522-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551530,
"ParentPID": 5439688,
"Thread": 20840525,
"EventTime": "2021-09-06T22:01:43.893748-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:01:44.124709-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551532,
"ParentPID": 5439688,
"Thread": 20840527,
"EventTime": "2021-09-06T22:01:45.165977-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:01:45.336814-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551534,
"ParentPID": 5439688,
"Thread": 20840529,
"EventTime": "2021-09-06T22:01:45.426431-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:01:45.643863-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551536,
"ParentPID": 5439688,
"Thread": 20840531,
"EventTime": "2021-09-06T22:01:50.608418-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:01:50.756851-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551538,
"ParentPID": 5439688,
"Thread": 20840533,
"EventTime": "2021-09-06T22:01:50.866464-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:01:51.063849-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551540,
"ParentPID": 5439688,
"Thread": 20840535,
"EventTime": "2021-09-06T22:01:51.126889-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:01:51.367697-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551542,
"ParentPID": 5439688,
"Thread": 20840537,
"EventTime": "2021-09-06T22:01:51.383339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:01:51.668265-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961636kECaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961636,
"ParentPID": 11469052,
"Thread": 33357955,
"EventTime": "2021-09-06T22:03:41.009339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:03:41.277481-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468804,
"ParentPID": 10551546,
"Thread": 41025567,
"EventTime": "2021-09-06T22:03:41.025480-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:03:41.277949-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468804,
"ParentPID": 10551546,
"Thread": 41025567,
"EventTime": "2021-09-06T22:03:41.029339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:03:41.278373-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961660leCaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961660,
"ParentPID": 11468806,
"Thread": 33357979,
"EventTime": "2021-09-06T22:03:41.089347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:03:41.278794-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551548,
"ParentPID": 6684890,
"Thread": 35324083,
"EventTime": "2021-09-06T22:05:00.818001-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:05:00.869405-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551548,
"ParentPID": 6684890,
"Thread": 35324083,
"EventTime": "2021-09-06T22:05:00.818001-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:05:00.869854-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 21:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551548,
"ParentPID": 6684890,
"Thread": 35324083,
"EventTime": "2021-09-06T22:05:00.818001-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:05:00.870327-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551548,
"ParentPID": 6684890,
"Thread": 35324083,
"EventTime": "2021-09-06T22:05:00.818001-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:05:00.870763-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551550,
"ParentPID": 5439688,
"Thread": 28704817,
"EventTime": "2021-09-06T22:08:17.869331-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:17.909777-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551296,
"ParentPID": 5439688,
"Thread": 28704819,
"EventTime": "2021-09-06T22:08:18.473224-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:18.511149-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468808.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468808,
"ParentPID": 10551296,
"Thread": 34406407,
"EventTime": "2021-09-06T22:08:18.600909-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:18.812180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468808",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961676,
"ParentPID": 11468808,
"Thread": 37093493,
"EventTime": "2021-09-06T22:08:18.630918-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:18.812936-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961676,
"ParentPID": 11468808,
"Thread": 37093493,
"EventTime": "2021-09-06T22:08:18.640920-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:18.813626-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961680aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961680,
"ParentPID": 11468808,
"Thread": 37093497,
"EventTime": "2021-09-06T22:08:18.650923-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:18.814334-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961680aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961680,
"ParentPID": 11468808,
"Thread": 37093497,
"EventTime": "2021-09-06T22:08:18.650923-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:18.815049-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961680aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961680,
"ParentPID": 11468808,
"Thread": 37093497,
"EventTime": "2021-09-06T22:08:18.650923-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:18.815760-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468808/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961682,
"ParentPID": 11468808,
"Thread": 37093499,
"EventTime": "2021-09-06T22:08:18.660926-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:18.816461-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468808",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961684,
"ParentPID": 11468808,
"Thread": 37093501,
"EventTime": "2021-09-06T22:08:18.670930-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:18.817176-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468810,
"ParentPID": 10551296,
"Thread": 34406409,
"EventTime": "2021-09-06T22:08:18.675750-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:18.817858-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468810,
"ParentPID": 10551296,
"Thread": 34406409,
"EventTime": "2021-09-06T22:08:18.675750-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:18.818515-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551298,
"ParentPID": 5439688,
"Thread": 28704821,
"EventTime": "2021-09-06T22:08:19.102136-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:19.121159-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468812.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468812,
"ParentPID": 10551298,
"Thread": 34406411,
"EventTime": "2021-09-06T22:08:19.232504-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:19.423644-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468812",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961700,
"ParentPID": 11468812,
"Thread": 37093517,
"EventTime": "2021-09-06T22:08:19.262514-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:19.424400-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961700,
"ParentPID": 11468812,
"Thread": 37093517,
"EventTime": "2021-09-06T22:08:19.272517-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:19.425099-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961704aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961704,
"ParentPID": 11468812,
"Thread": 37093521,
"EventTime": "2021-09-06T22:08:19.282520-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:19.425808-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961704aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961704,
"ParentPID": 11468812,
"Thread": 37093521,
"EventTime": "2021-09-06T22:08:19.282520-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:19.426521-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961704aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961704,
"ParentPID": 11468812,
"Thread": 37093521,
"EventTime": "2021-09-06T22:08:19.282520-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:19.427218-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468812/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961706,
"ParentPID": 11468812,
"Thread": 37093523,
"EventTime": "2021-09-06T22:08:19.302530-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:19.427930-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09437254",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9044006,
"ParentPID": 9437254,
"Thread": 41025579,
"EventTime": "2021-09-06T22:08:19.302530-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:19.428461-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468812",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961708,
"ParentPID": 11468812,
"Thread": 37093525,
"EventTime": "2021-09-06T22:08:19.312533-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:19.429137-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468814,
"ParentPID": 10551298,
"Thread": 34406413,
"EventTime": "2021-09-06T22:08:19.312533-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:19.429794-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468814,
"ParentPID": 10551298,
"Thread": 34406413,
"EventTime": "2021-09-06T22:08:19.312533-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:19.430477-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551300,
"ParentPID": 5439688,
"Thread": 28704823,
"EventTime": "2021-09-06T22:08:21.862712-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:22.133738-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468816.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468816,
"ParentPID": 10551300,
"Thread": 34406415,
"EventTime": "2021-09-06T22:08:21.990341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:22.134507-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468816",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9437270,
"ParentPID": 11468816,
"Thread": 33357997,
"EventTime": "2021-09-06T22:08:22.020340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:22.135212-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9437270,
"ParentPID": 11468816,
"Thread": 33357997,
"EventTime": "2021-09-06T22:08:22.032451-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:22.135924-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437274aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437274,
"ParentPID": 11468816,
"Thread": 33358001,
"EventTime": "2021-09-06T22:08:22.040340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:22.136637-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437274aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437274,
"ParentPID": 11468816,
"Thread": 33358001,
"EventTime": "2021-09-06T22:08:22.040340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:22.137350-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437274aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437274,
"ParentPID": 11468816,
"Thread": 33358001,
"EventTime": "2021-09-06T22:08:22.040340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:22.138059-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468816/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9437276,
"ParentPID": 11468816,
"Thread": 33358003,
"EventTime": "2021-09-06T22:08:22.050341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:22.138763-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468816",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9437278,
"ParentPID": 11468816,
"Thread": 33358005,
"EventTime": "2021-09-06T22:08:22.060342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:22.139431-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468818,
"ParentPID": 10551300,
"Thread": 34406417,
"EventTime": "2021-09-06T22:08:22.062968-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:22.140083-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468818,
"ParentPID": 10551300,
"Thread": 34406417,
"EventTime": "2021-09-06T22:08:22.062968-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:22.140790-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551302,
"ParentPID": 5439688,
"Thread": 28704825,
"EventTime": "2021-09-06T22:08:33.841801-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:33.882736-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551304,
"ParentPID": 5439688,
"Thread": 28704827,
"EventTime": "2021-09-06T22:08:35.225673-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:35.389627-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551306,
"ParentPID": 5439688,
"Thread": 28704829,
"EventTime": "2021-09-06T22:08:36.609623-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:36.900196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551308,
"ParentPID": 5439688,
"Thread": 28704831,
"EventTime": "2021-09-06T22:08:37.990345-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:38.104536-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468820.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468820,
"ParentPID": 10551308,
"Thread": 34406419,
"EventTime": "2021-09-06T22:08:38.123791-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:38.410170-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468820",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9437294,
"ParentPID": 11468820,
"Thread": 33358021,
"EventTime": "2021-09-06T22:08:38.153802-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:38.410947-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9437294,
"ParentPID": 11468820,
"Thread": 33358021,
"EventTime": "2021-09-06T22:08:38.159340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:38.411671-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437298aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437298,
"ParentPID": 11468820,
"Thread": 33358025,
"EventTime": "2021-09-06T22:08:38.171383-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:38.412392-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437298aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437298,
"ParentPID": 11468820,
"Thread": 33358025,
"EventTime": "2021-09-06T22:08:38.171383-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:38.413109-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437298aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437298,
"ParentPID": 11468820,
"Thread": 33358025,
"EventTime": "2021-09-06T22:08:38.173808-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:38.413810-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468820/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9437300,
"ParentPID": 11468820,
"Thread": 33358027,
"EventTime": "2021-09-06T22:08:38.183812-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:38.414525-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468820",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9437302,
"ParentPID": 11468820,
"Thread": 33358029,
"EventTime": "2021-09-06T22:08:38.183812-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:38.415226-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468822,
"ParentPID": 10551308,
"Thread": 34406421,
"EventTime": "2021-09-06T22:08:38.190413-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:38.415895-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468822,
"ParentPID": 10551308,
"Thread": 34406421,
"EventTime": "2021-09-06T22:08:38.190413-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:38.416543-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551310,
"ParentPID": 5439688,
"Thread": 28704833,
"EventTime": "2021-09-06T22:08:39.450423-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:39.629441-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468824.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468824,
"ParentPID": 10551310,
"Thread": 34406423,
"EventTime": "2021-09-06T22:08:39.579340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:39.630176-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468824",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9437318,
"ParentPID": 11468824,
"Thread": 33358045,
"EventTime": "2021-09-06T22:08:39.609340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:39.630949-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9437318,
"ParentPID": 11468824,
"Thread": 33358045,
"EventTime": "2021-09-06T22:08:39.619340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:39.631678-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437322aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437322,
"ParentPID": 11468824,
"Thread": 33358049,
"EventTime": "2021-09-06T22:08:39.629340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:39.939281-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437322aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437322,
"ParentPID": 11468824,
"Thread": 33358049,
"EventTime": "2021-09-06T22:08:39.629340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:39.940068-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437322aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437322,
"ParentPID": 11468824,
"Thread": 33358049,
"EventTime": "2021-09-06T22:08:39.637566-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:39.940950-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468824/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9437328,
"ParentPID": 11468824,
"Thread": 33358055,
"EventTime": "2021-09-06T22:08:39.647568-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:39.941693-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468824",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9437330,
"ParentPID": 11468824,
"Thread": 33358057,
"EventTime": "2021-09-06T22:08:39.649341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:39.942422-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468826,
"ParentPID": 10551310,
"Thread": 34406425,
"EventTime": "2021-09-06T22:08:39.651757-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:39.943131-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468826,
"ParentPID": 10551310,
"Thread": 34406425,
"EventTime": "2021-09-06T22:08:39.651757-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:39.943845-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551312,
"ParentPID": 5439688,
"Thread": 28704835,
"EventTime": "2021-09-06T22:08:40.911263-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:08:41.152715-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551314,
"ParentPID": 6684890,
"Thread": 44695567,
"EventTime": "2021-09-06T22:10:00.827340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:10:01.074199-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551314,
"ParentPID": 6684890,
"Thread": 44695567,
"EventTime": "2021-09-06T22:10:00.827340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:10:01.074980-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 21:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551314,
"ParentPID": 6684890,
"Thread": 44695567,
"EventTime": "2021-09-06T22:10:00.827340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:10:01.075715-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551314,
"ParentPID": 6684890,
"Thread": 44695567,
"EventTime": "2021-09-06T22:10:00.827340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:10:01.076444-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551316,
"ParentPID": 6684890,
"Thread": 46923995,
"EventTime": "2021-09-06T22:15:00.836340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:15:01.027796-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551316,
"ParentPID": 6684890,
"Thread": 46923995,
"EventTime": "2021-09-06T22:15:00.836340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:15:01.028587-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 21:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551316,
"ParentPID": 6684890,
"Thread": 46923995,
"EventTime": "2021-09-06T22:15:00.836340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:15:01.029329-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551316,
"ParentPID": 6684890,
"Thread": 46923995,
"EventTime": "2021-09-06T22:15:00.836340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:15:01.030061-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009437352faAaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9437352,
"ParentPID": 11468836,
"Thread": 42991735,
"EventTime": "2021-09-06T22:18:41.209365-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:18:41.315784-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468844,
"ParentPID": 10551318,
"Thread": 43909205,
"EventTime": "2021-09-06T22:18:41.223620-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:18:41.316554-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468844,
"ParentPID": 10551318,
"Thread": 43909205,
"EventTime": "2021-09-06T22:18:41.232617-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:18:41.317334-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009437376fMAaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9437376,
"ParentPID": 11468846,
"Thread": 42991759,
"EventTime": "2021-09-06T22:18:41.322660-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:18:41.618215-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468848,
"ParentPID": 6684890,
"Thread": 37093577,
"EventTime": "2021-09-06T22:20:00.846341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:20:00.931519-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468848,
"ParentPID": 6684890,
"Thread": 37093577,
"EventTime": "2021-09-06T22:20:00.846341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:20:00.932276-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 21:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468848,
"ParentPID": 6684890,
"Thread": 37093577,
"EventTime": "2021-09-06T22:20:00.846341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:20:00.933016-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468848,
"ParentPID": 6684890,
"Thread": 37093577,
"EventTime": "2021-09-06T22:20:00.846341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:20:00.933745-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468850,
"ParentPID": 6684890,
"Thread": 36044917,
"EventTime": "2021-09-06T22:25:00.856340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:25:00.863368-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468850,
"ParentPID": 6684890,
"Thread": 36044917,
"EventTime": "2021-09-06T22:25:00.856340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:25:00.864106-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 21:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468850,
"ParentPID": 6684890,
"Thread": 36044917,
"EventTime": "2021-09-06T22:25:00.856340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:25:00.864840-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468850,
"ParentPID": 6684890,
"Thread": 36044917,
"EventTime": "2021-09-06T22:25:00.856340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:25:00.865569-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09437378",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9961512,
"ParentPID": 9437378,
"Thread": 36438267,
"EventTime": "2021-09-06T22:25:00.878380-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:25:01.166987-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468852,
"ParentPID": 6684890,
"Thread": 42205429,
"EventTime": "2021-09-06T22:30:00.884441-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:30:01.045737-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468852,
"ParentPID": 6684890,
"Thread": 42205429,
"EventTime": "2021-09-06T22:30:00.884441-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:30:01.046561-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 21:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468852,
"ParentPID": 6684890,
"Thread": 42205429,
"EventTime": "2021-09-06T22:30:00.884441-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:30:01.047321-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468852,
"ParentPID": 6684890,
"Thread": 42205429,
"EventTime": "2021-09-06T22:30:00.884441-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:30:01.048118-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-06T22:33:12.480339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:33:12.648016-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961534-7Caaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961534,
"ParentPID": 9437388,
"Thread": 20250647,
"EventTime": "2021-09-06T22:33:41.409339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:33:41.477979-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9437396,
"ParentPID": 11468856,
"Thread": 37093617,
"EventTime": "2021-09-06T22:33:41.421740-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:33:41.478443-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9437396,
"ParentPID": 11468856,
"Thread": 37093617,
"EventTime": "2021-09-06T22:33:41.421740-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:33:41.478886-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961558-YCaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961558,
"ParentPID": 9437398,
"Thread": 20250671,
"EventTime": "2021-09-06T22:33:41.484147-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:33:41.779842-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468858,
"ParentPID": 5439688,
"Thread": 32243825,
"EventTime": "2021-09-06T22:34:33.277353-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:33.467905-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9437400.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9437400,
"ParentPID": 11468858,
"Thread": 36438017,
"EventTime": "2021-09-06T22:34:33.407528-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:33.468413-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9437400",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961574,
"ParentPID": 9437400,
"Thread": 46923791,
"EventTime": "2021-09-06T22:34:33.427531-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:33.468870-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961574,
"ParentPID": 9437400,
"Thread": 46923791,
"EventTime": "2021-09-06T22:34:33.427531-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:33.469313-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961578aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961578,
"ParentPID": 9437400,
"Thread": 46923795,
"EventTime": "2021-09-06T22:34:33.440215-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:33.469745-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961578aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961578,
"ParentPID": 9437400,
"Thread": 46923795,
"EventTime": "2021-09-06T22:34:33.440215-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:33.470180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961578aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961578,
"ParentPID": 9437400,
"Thread": 46923795,
"EventTime": "2021-09-06T22:34:33.440215-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:33.470608-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9437400/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961580,
"ParentPID": 9437400,
"Thread": 46923797,
"EventTime": "2021-09-06T22:34:33.447535-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:33.471012-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9437400",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961582,
"ParentPID": 9437400,
"Thread": 46923799,
"EventTime": "2021-09-06T22:34:33.447535-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:33.471407-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9437402,
"ParentPID": 11468858,
"Thread": 36438019,
"EventTime": "2021-09-06T22:34:33.447535-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:33.471799-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9437402,
"ParentPID": 11468858,
"Thread": 36438019,
"EventTime": "2021-09-06T22:34:33.447535-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:33.472191-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468860,
"ParentPID": 5439688,
"Thread": 32243827,
"EventTime": "2021-09-06T22:34:34.559404-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:34.673999-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9437404.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9437404,
"ParentPID": 11468860,
"Thread": 36438021,
"EventTime": "2021-09-06T22:34:34.690838-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:34.977864-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9437404",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961598,
"ParentPID": 9437404,
"Thread": 46923815,
"EventTime": "2021-09-06T22:34:34.709626-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:34.978335-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961598,
"ParentPID": 9437404,
"Thread": 46923815,
"EventTime": "2021-09-06T22:34:34.717339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:34.978819-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961602aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961602,
"ParentPID": 9437404,
"Thread": 46923819,
"EventTime": "2021-09-06T22:34:34.724071-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:34.979269-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961602aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961602,
"ParentPID": 9437404,
"Thread": 46923819,
"EventTime": "2021-09-06T22:34:34.724071-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:34.979706-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961602aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961602,
"ParentPID": 9437404,
"Thread": 46923819,
"EventTime": "2021-09-06T22:34:34.727413-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:34.980147-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9437404/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961604,
"ParentPID": 9437404,
"Thread": 46923821,
"EventTime": "2021-09-06T22:34:34.729630-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:34.980581-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9437404",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961606,
"ParentPID": 9437404,
"Thread": 46923823,
"EventTime": "2021-09-06T22:34:34.729630-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:34.980987-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9437406,
"ParentPID": 11468860,
"Thread": 36438023,
"EventTime": "2021-09-06T22:34:34.737395-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:34.981385-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9437406,
"ParentPID": 11468860,
"Thread": 36438023,
"EventTime": "2021-09-06T22:34:34.737395-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:34:34.981781-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468862,
"ParentPID": 6684890,
"Thread": 32243829,
"EventTime": "2021-09-06T22:35:00.886340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:35:01.119943-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468862,
"ParentPID": 6684890,
"Thread": 32243829,
"EventTime": "2021-09-06T22:35:00.886340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:35:01.120462-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 21:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468862,
"ParentPID": 6684890,
"Thread": 32243829,
"EventTime": "2021-09-06T22:35:00.886340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:35:01.120927-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468862,
"ParentPID": 6684890,
"Thread": 32243829,
"EventTime": "2021-09-06T22:35:00.886340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:35:01.121387-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468864,
"ParentPID": 5439688,
"Thread": 37421255,
"EventTime": "2021-09-06T22:38:43.775087-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:38:43.779946-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468866,
"ParentPID": 6684890,
"Thread": 32833671,
"EventTime": "2021-09-06T22:40:00.896340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:40:00.996414-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468866,
"ParentPID": 6684890,
"Thread": 32833671,
"EventTime": "2021-09-06T22:40:00.896340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:40:00.997190-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 21:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468866,
"ParentPID": 6684890,
"Thread": 32833671,
"EventTime": "2021-09-06T22:40:00.897984-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:40:00.997992-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468866,
"ParentPID": 6684890,
"Thread": 32833671,
"EventTime": "2021-09-06T22:40:00.897984-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:40:00.998737-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468868,
"ParentPID": 6684890,
"Thread": 42139795,
"EventTime": "2021-09-06T22:45:00.906340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:45:01.186227-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468868,
"ParentPID": 6684890,
"Thread": 42139795,
"EventTime": "2021-09-06T22:45:00.906340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:45:01.187039-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 21:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468868,
"ParentPID": 6684890,
"Thread": 42139795,
"EventTime": "2021-09-06T22:45:00.906340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:45:01.187858-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468868,
"ParentPID": 6684890,
"Thread": 42139795,
"EventTime": "2021-09-06T22:45:00.906340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:45:01.188598-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961628VUCaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961628,
"ParentPID": 9437416,
"Thread": 46071811,
"EventTime": "2021-09-06T22:48:41.604064-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:48:41.754688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9437424,
"ParentPID": 11468870,
"Thread": 41025611,
"EventTime": "2021-09-06T22:48:41.624112-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:48:41.755502-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9437424,
"ParentPID": 11468870,
"Thread": 41025611,
"EventTime": "2021-09-06T22:48:41.634115-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:48:41.756239-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961650WACaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961650,
"ParentPID": 10289380,
"Thread": 46071833,
"EventTime": "2021-09-06T22:48:41.718341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:48:41.756970-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468872,
"ParentPID": 6684890,
"Thread": 28508221,
"EventTime": "2021-09-06T22:50:00.915340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:50:01.083870-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468872,
"ParentPID": 6684890,
"Thread": 28508221,
"EventTime": "2021-09-06T22:50:00.915340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:50:01.084682-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 21:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468872,
"ParentPID": 6684890,
"Thread": 28508221,
"EventTime": "2021-09-06T22:50:00.915340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:50:01.085465-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468872,
"ParentPID": 6684890,
"Thread": 28508221,
"EventTime": "2021-09-06T22:50:00.915340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:50:01.086210-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468874,
"ParentPID": 6684890,
"Thread": 39321839,
"EventTime": "2021-09-06T22:55:00.925340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:55:01.008281-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468874,
"ParentPID": 6684890,
"Thread": 39321839,
"EventTime": "2021-09-06T22:55:00.925340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:55:01.009086-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 21:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468874,
"ParentPID": 6684890,
"Thread": 39321839,
"EventTime": "2021-09-06T22:55:00.925340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:55:01.009834-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468874,
"ParentPID": 6684890,
"Thread": 39321839,
"EventTime": "2021-09-06T22:55:00.925340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:55:01.010566-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09961652",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11534408,
"ParentPID": 9961652,
"Thread": 40239219,
"EventTime": "2021-09-06T22:55:00.941355-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T22:55:01.011100-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468876,
"ParentPID": 6684890,
"Thread": 29491449,
"EventTime": "2021-09-06T23:00:00.939069-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:00:01.226610-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468876,
"ParentPID": 6684890,
"Thread": 29491449,
"EventTime": "2021-09-06T23:00:00.939069-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:00:01.227431-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 22:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468876,
"ParentPID": 6684890,
"Thread": 29491449,
"EventTime": "2021-09-06T23:00:00.949073-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:00:01.228189-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468876,
"ParentPID": 6684890,
"Thread": 29491449,
"EventTime": "2021-09-06T23:00:00.949073-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:00:01.228922-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011534430QAIaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11534430,
"ParentPID": 11468888,
"Thread": 33226753,
"EventTime": "2021-09-06T23:03:41.840466-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:03:42.111701-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468896,
"ParentPID": 9961658,
"Thread": 45154305,
"EventTime": "2021-09-06T23:03:41.860472-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:03:42.112509-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468896,
"ParentPID": 9961658,
"Thread": 45154305,
"EventTime": "2021-09-06T23:03:41.868340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:03:42.113248-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011534454RuIaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11534454,
"ParentPID": 11468898,
"Thread": 33226777,
"EventTime": "2021-09-06T23:03:41.960506-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:03:42.113980-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468900,
"ParentPID": 6684890,
"Thread": 39321609,
"EventTime": "2021-09-06T23:05:00.957924-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:05:01.135943-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468900,
"ParentPID": 6684890,
"Thread": 39321609,
"EventTime": "2021-09-06T23:05:00.957924-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:05:01.136771-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 22:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468900,
"ParentPID": 6684890,
"Thread": 39321609,
"EventTime": "2021-09-06T23:05:00.957924-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:05:01.137544-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468900,
"ParentPID": 6684890,
"Thread": 39321609,
"EventTime": "2021-09-06T23:05:00.957924-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:05:01.138280-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468902,
"ParentPID": 6684890,
"Thread": 45154319,
"EventTime": "2021-09-06T23:10:00.965340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:10:01.083955-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468902,
"ParentPID": 6684890,
"Thread": 45154319,
"EventTime": "2021-09-06T23:10:00.965340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:10:01.084768-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 22:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468902,
"ParentPID": 6684890,
"Thread": 45154319,
"EventTime": "2021-09-06T23:10:00.965340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:10:01.085758-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468902,
"ParentPID": 6684890,
"Thread": 45154319,
"EventTime": "2021-09-06T23:10:00.965340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:10:01.086550-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468904,
"ParentPID": 6684890,
"Thread": 40763517,
"EventTime": "2021-09-06T23:15:00.977336-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:15:01.265993-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468904,
"ParentPID": 6684890,
"Thread": 40763517,
"EventTime": "2021-09-06T23:15:00.977336-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:15:01.266811-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 22:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468904,
"ParentPID": 6684890,
"Thread": 40763517,
"EventTime": "2021-09-06T23:15:00.977336-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:15:01.267575-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468904,
"ParentPID": 6684890,
"Thread": 40763517,
"EventTime": "2021-09-06T23:15:00.977336-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:15:01.268335-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011534476LqIaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11534476,
"ParentPID": 9961668,
"Thread": 37617757,
"EventTime": "2021-09-06T23:18:42.087341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:18:42.111446-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9961676,
"ParentPID": 11468906,
"Thread": 46596323,
"EventTime": "2021-09-06T23:18:42.103074-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:18:42.112204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9961676,
"ParentPID": 11468906,
"Thread": 46596323,
"EventTime": "2021-09-06T23:18:42.110646-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:18:42.418178-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011534500MaIaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11534500,
"ParentPID": 9961678,
"Thread": 37617781,
"EventTime": "2021-09-06T23:18:42.207341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:18:42.418980-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468908,
"ParentPID": 6684890,
"Thread": 30998781,
"EventTime": "2021-09-06T23:20:00.977466-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:20:01.127848-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468908,
"ParentPID": 6684890,
"Thread": 30998781,
"EventTime": "2021-09-06T23:20:00.977466-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:20:01.128673-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 22:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468908,
"ParentPID": 6684890,
"Thread": 30998781,
"EventTime": "2021-09-06T23:20:00.987470-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:20:01.129447-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468908,
"ParentPID": 6684890,
"Thread": 30998781,
"EventTime": "2021-09-06T23:20:00.987470-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:20:01.130215-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468910,
"ParentPID": 6684890,
"Thread": 33947817,
"EventTime": "2021-09-06T23:25:00.994883-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:25:01.272225-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468910,
"ParentPID": 6684890,
"Thread": 33947817,
"EventTime": "2021-09-06T23:25:00.994883-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:25:01.273017-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 22:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468910,
"ParentPID": 6684890,
"Thread": 33947817,
"EventTime": "2021-09-06T23:25:00.994883-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:25:01.273787-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468910,
"ParentPID": 6684890,
"Thread": 33947817,
"EventTime": "2021-09-06T23:25:00.994883-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:25:01.274589-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468912,
"ParentPID": 6684890,
"Thread": 44171311,
"EventTime": "2021-09-06T23:30:01.004342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:30:01.142102-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468912,
"ParentPID": 6684890,
"Thread": 44171311,
"EventTime": "2021-09-06T23:30:01.004342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:30:01.142939-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 22:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468912,
"ParentPID": 6684890,
"Thread": 44171311,
"EventTime": "2021-09-06T23:30:01.004342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:30:01.143715-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468912,
"ParentPID": 6684890,
"Thread": 44171311,
"EventTime": "2021-09-06T23:30:01.004342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:30:01.144517-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-06T23:33:12.358345-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:33:12.550037-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011534522GaIaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11534522,
"ParentPID": 9961688,
"Thread": 39518401,
"EventTime": "2021-09-06T23:33:42.333523-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:33:42.594838-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9961696,
"ParentPID": 11468916,
"Thread": 45678783,
"EventTime": "2021-09-06T23:33:42.347666-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:33:42.595668-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9961696,
"ParentPID": 11468916,
"Thread": 45678783,
"EventTime": "2021-09-06T23:33:42.353530-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:33:42.596425-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551414GIEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551414,
"ParentPID": 9044040,
"Thread": 44105767,
"EventTime": "2021-09-06T23:33:42.437344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:33:42.597169-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468918,
"ParentPID": 6684890,
"Thread": 46006337,
"EventTime": "2021-09-06T23:35:00.009624-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:35:00.110829-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468918,
"ParentPID": 6684890,
"Thread": 46006337,
"EventTime": "2021-09-06T23:35:00.009624-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:35:00.111599-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 22:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468918,
"ParentPID": 6684890,
"Thread": 46006337,
"EventTime": "2021-09-06T23:35:00.009624-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:35:00.112358-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468918,
"ParentPID": 6684890,
"Thread": 46006337,
"EventTime": "2021-09-06T23:35:00.009624-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:35:00.113117-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468920,
"ParentPID": 6684890,
"Thread": 31195323,
"EventTime": "2021-09-06T23:40:00.017198-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:40:00.150488-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468920,
"ParentPID": 6684890,
"Thread": 31195323,
"EventTime": "2021-09-06T23:40:00.017198-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:40:00.151003-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 22:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468920,
"ParentPID": 6684890,
"Thread": 31195323,
"EventTime": "2021-09-06T23:40:00.017198-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:40:00.151482-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468920,
"ParentPID": 6684890,
"Thread": 31195323,
"EventTime": "2021-09-06T23:40:00.024340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:40:00.151952-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468924,
"ParentPID": 5439688,
"Thread": 42926331,
"EventTime": "2021-09-06T23:44:12.884270-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:44:13.085099-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9044042.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9044042,
"ParentPID": 11468924,
"Thread": 29360223,
"EventTime": "2021-09-06T23:44:12.885339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:44:13.085596-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9044042",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551430,
"ParentPID": 9044042,
"Thread": 47185927,
"EventTime": "2021-09-06T23:44:12.906696-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:44:13.086062-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551430,
"ParentPID": 9044042,
"Thread": 47185927,
"EventTime": "2021-09-06T23:44:12.915354-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:44:13.086553-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551434aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551434,
"ParentPID": 9044042,
"Thread": 47185931,
"EventTime": "2021-09-06T23:44:12.915354-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:44:13.087045-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551434aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551434,
"ParentPID": 9044042,
"Thread": 47185931,
"EventTime": "2021-09-06T23:44:12.915354-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:44:13.087486-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551434aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551434,
"ParentPID": 9044042,
"Thread": 47185931,
"EventTime": "2021-09-06T23:44:12.925339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:44:13.087897-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9044042/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551436,
"ParentPID": 9044042,
"Thread": 47185933,
"EventTime": "2021-09-06T23:44:12.935522-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:44:13.088293-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9044042",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551438,
"ParentPID": 9044042,
"Thread": 47185935,
"EventTime": "2021-09-06T23:44:12.935522-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:44:13.088688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10289168",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8192168,
"ParentPID": 10289168,
"Thread": 47316995,
"EventTime": "2021-09-06T23:44:12.935522-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:44:13.088982-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192170,
"ParentPID": 11468924,
"Thread": 47316997,
"EventTime": "2021-09-06T23:44:12.935522-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:44:13.089377-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192170,
"ParentPID": 11468924,
"Thread": 47316997,
"EventTime": "2021-09-06T23:44:12.935522-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:44:13.089768-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468926,
"ParentPID": 6684890,
"Thread": 42926333,
"EventTime": "2021-09-06T23:45:00.025250-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:45:00.259239-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468926,
"ParentPID": 6684890,
"Thread": 42926333,
"EventTime": "2021-09-06T23:45:00.025250-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:45:00.259756-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 22:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468926,
"ParentPID": 6684890,
"Thread": 42926333,
"EventTime": "2021-09-06T23:45:00.025250-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:45:00.260228-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468926,
"ParentPID": 6684890,
"Thread": 42926333,
"EventTime": "2021-09-06T23:45:00.025250-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:45:00.260693-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289192AADqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289192,
"ParentPID": 8192182,
"Thread": 20840599,
"EventTime": "2021-09-06T23:48:42.553766-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:48:42.565836-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192190,
"ParentPID": 11468928,
"Thread": 30736493,
"EventTime": "2021-09-06T23:48:42.573774-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:48:42.867233-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev/pts",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192190,
"ParentPID": 11468928,
"Thread": 30736493,
"EventTime": "2021-09-06T23:48:42.576340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:48:42.868050-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289216BuDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289216,
"ParentPID": 8192192,
"Thread": 20840623,
"EventTime": "2021-09-06T23:48:42.673812-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:48:42.868801-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223716,
"ParentPID": 6684890,
"Thread": 42926093,
"EventTime": "2021-09-06T23:50:00.038490-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:50:00.097899-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223716,
"ParentPID": 6684890,
"Thread": 42926093,
"EventTime": "2021-09-06T23:50:00.038490-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:50:00.098738-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 22:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223716,
"ParentPID": 6684890,
"Thread": 42926093,
"EventTime": "2021-09-06T23:50:00.038490-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:50:00.099503-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223716,
"ParentPID": 6684890,
"Thread": 42926093,
"EventTime": "2021-09-06T23:50:00.038490-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:50:00.100249-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223718,
"ParentPID": 6684890,
"Thread": 42139831,
"EventTime": "2021-09-06T23:55:00.043411-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:55:00.292548-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223718,
"ParentPID": 6684890,
"Thread": 42139831,
"EventTime": "2021-09-06T23:55:00.043411-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:55:00.293414-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 22:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223718,
"ParentPID": 6684890,
"Thread": 42139831,
"EventTime": "2021-09-06T23:55:00.053413-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:55:00.294243-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223718,
"ParentPID": 6684890,
"Thread": 42139831,
"EventTime": "2021-09-06T23:55:00.053413-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-06T23:55:00.295014-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223720,
"ParentPID": 6684890,
"Thread": 42926107,
"EventTime": "2021-09-07T00:00:00.059663-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:00:00.092158-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223720,
"ParentPID": 6684890,
"Thread": 42926107,
"EventTime": "2021-09-07T00:00:00.059663-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:00:00.092673-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 23:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223720,
"ParentPID": 6684890,
"Thread": 42926107,
"EventTime": "2021-09-07T00:00:00.059663-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:00:00.093150-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223720,
"ParentPID": 6684890,
"Thread": 42926107,
"EventTime": "2021-09-07T00:00:00.059663-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:00:00.093671-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240648,
"ParentPID": 5439688,
"Thread": 33882189,
"EventTime": "2021-09-07T00:01:25.833897-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:01:25.990929-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240650,
"ParentPID": 5439688,
"Thread": 33882191,
"EventTime": "2021-09-07T00:01:26.101058-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:01:26.291900-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240652,
"ParentPID": 5439688,
"Thread": 33882193,
"EventTime": "2021-09-07T00:01:27.383310-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:01:27.495098-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240654,
"ParentPID": 5439688,
"Thread": 33882195,
"EventTime": "2021-09-07T00:01:31.481184-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:01:31.703006-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240656,
"ParentPID": 5439688,
"Thread": 33882197,
"EventTime": "2021-09-07T00:01:32.663165-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:01:32.914255-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240658,
"ParentPID": 5439688,
"Thread": 33882199,
"EventTime": "2021-09-07T00:01:32.923597-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:01:33.219983-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240660,
"ParentPID": 5439688,
"Thread": 33882201,
"EventTime": "2021-09-07T00:01:38.002362-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:01:38.032969-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240662,
"ParentPID": 5439688,
"Thread": 33882203,
"EventTime": "2021-09-07T00:01:43.231576-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:01:43.452521-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240664,
"ParentPID": 5439688,
"Thread": 33882205,
"EventTime": "2021-09-07T00:01:43.481989-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:01:43.753587-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240666,
"ParentPID": 5439688,
"Thread": 33882207,
"EventTime": "2021-09-07T00:01:43.740339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:01:43.754093-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00104857886aEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485788,
"ParentPID": 10223732,
"Thread": 36765915,
"EventTime": "2021-09-07T00:03:42.747249-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:03:43.004454-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10223740,
"ParentPID": 9240670,
"Thread": 44171355,
"EventTime": "2021-09-07T00:03:42.757252-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:03:43.004952-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC001048581263Eaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485812,
"ParentPID": 10223742,
"Thread": 36765939,
"EventTime": "2021-09-07T00:03:42.825362-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:03:43.005424-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240672,
"ParentPID": 6684890,
"Thread": 31653959,
"EventTime": "2021-09-07T00:05:00.060264-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:05:00.188875-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240672,
"ParentPID": 6684890,
"Thread": 31653959,
"EventTime": "2021-09-07T00:05:00.060264-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:05:00.189383-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 23:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240672,
"ParentPID": 6684890,
"Thread": 31653959,
"EventTime": "2021-09-07T00:05:00.063339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:05:00.189844-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240672,
"ParentPID": 6684890,
"Thread": 31653959,
"EventTime": "2021-09-07T00:05:00.063339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:05:00.190303-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240674,
"ParentPID": 5439688,
"Thread": 33882217,
"EventTime": "2021-09-07T00:05:04.223339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:05:04.398420-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10223744.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10223744,
"ParentPID": 9240674,
"Thread": 42336443,
"EventTime": "2021-09-07T00:05:04.350904-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:05:04.398884-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10223744",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485828,
"ParentPID": 10223744,
"Thread": 28573891,
"EventTime": "2021-09-07T00:05:04.367828-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:05:04.399331-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485828,
"ParentPID": 10223744,
"Thread": 28573891,
"EventTime": "2021-09-07T00:05:04.373339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:05:04.399775-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485832aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485832,
"ParentPID": 10223744,
"Thread": 28573895,
"EventTime": "2021-09-07T00:05:04.380695-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:05:04.400210-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485832aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485832,
"ParentPID": 10223744,
"Thread": 28573895,
"EventTime": "2021-09-07T00:05:04.380695-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:05:04.400644-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485832aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485832,
"ParentPID": 10223744,
"Thread": 28573895,
"EventTime": "2021-09-07T00:05:04.383340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:05:04.401046-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10223744/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485838,
"ParentPID": 10223744,
"Thread": 28573901,
"EventTime": "2021-09-07T00:05:04.390239-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:05:04.401439-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10223744",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485840,
"ParentPID": 10223744,
"Thread": 28573903,
"EventTime": "2021-09-07T00:05:04.390239-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:05:04.401830-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10223746,
"ParentPID": 9240674,
"Thread": 42336445,
"EventTime": "2021-09-07T00:05:04.393340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:05:04.402223-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223746,
"ParentPID": 9240674,
"Thread": 42336445,
"EventTime": "2021-09-07T00:05:04.393340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:05:04.402614-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240676,
"ParentPID": 5439688,
"Thread": 31653973,
"EventTime": "2021-09-07T00:08:12.156339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:12.432530-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240678,
"ParentPID": 5439688,
"Thread": 31653975,
"EventTime": "2021-09-07T00:08:12.486339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:12.736895-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10223748.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10223748,
"ParentPID": 9240678,
"Thread": 42336447,
"EventTime": "2021-09-07T00:08:12.622293-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:12.737393-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10223748",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485856,
"ParentPID": 10223748,
"Thread": 28573919,
"EventTime": "2021-09-07T00:08:12.642325-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:12.737843-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485856,
"ParentPID": 10223748,
"Thread": 28573919,
"EventTime": "2021-09-07T00:08:12.646339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:12.738286-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485860aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485860,
"ParentPID": 10223748,
"Thread": 28573923,
"EventTime": "2021-09-07T00:08:12.652327-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:12.738718-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485860aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485860,
"ParentPID": 10223748,
"Thread": 28573923,
"EventTime": "2021-09-07T00:08:12.652327-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:12.739156-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485860aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485860,
"ParentPID": 10223748,
"Thread": 28573923,
"EventTime": "2021-09-07T00:08:12.656340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:12.739564-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10223748/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485862,
"ParentPID": 10223748,
"Thread": 28573925,
"EventTime": "2021-09-07T00:08:12.666339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:12.739959-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10223748",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485864,
"ParentPID": 10223748,
"Thread": 28573927,
"EventTime": "2021-09-07T00:08:12.666339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:12.740351-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.04718746",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10748012,
"ParentPID": 4718746,
"Thread": 40239249,
"EventTime": "2021-09-07T00:08:12.666339-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:12.740643-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10223750,
"ParentPID": 9240678,
"Thread": 42336449,
"EventTime": "2021-09-07T00:08:12.672332-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:12.741039-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223750,
"ParentPID": 9240678,
"Thread": 42336449,
"EventTime": "2021-09-07T00:08:12.672332-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:12.741428-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718748,
"ParentPID": 5439688,
"Thread": 40829163,
"EventTime": "2021-09-07T00:08:13.113113-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:13.342865-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240680.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240680,
"ParentPID": 4718748,
"Thread": 31653977,
"EventTime": "2021-09-07T00:08:13.241691-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:13.343358-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240680",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223766,
"ParentPID": 9240680,
"Thread": 42336465,
"EventTime": "2021-09-07T00:08:13.256339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:13.343829-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223766,
"ParentPID": 9240680,
"Thread": 42336465,
"EventTime": "2021-09-07T00:08:13.266339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:13.344272-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223770aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223770,
"ParentPID": 9240680,
"Thread": 42336469,
"EventTime": "2021-09-07T00:08:13.273336-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:13.344703-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223770aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223770,
"ParentPID": 9240680,
"Thread": 42336469,
"EventTime": "2021-09-07T00:08:13.273336-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:13.345137-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223770aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223770,
"ParentPID": 9240680,
"Thread": 42336469,
"EventTime": "2021-09-07T00:08:13.276339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:13.345543-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240680/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223772,
"ParentPID": 9240680,
"Thread": 42336471,
"EventTime": "2021-09-07T00:08:13.276339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:13.345937-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240680",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223774,
"ParentPID": 9240680,
"Thread": 42336473,
"EventTime": "2021-09-07T00:08:13.283339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:13.346330-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240682,
"ParentPID": 4718748,
"Thread": 31653979,
"EventTime": "2021-09-07T00:08:13.286340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:13.346737-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240682,
"ParentPID": 4718748,
"Thread": 31653979,
"EventTime": "2021-09-07T00:08:13.286340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:13.347136-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718750,
"ParentPID": 5439688,
"Thread": 42139851,
"EventTime": "2021-09-07T00:08:14.706339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:14.857989-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240684.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240684,
"ParentPID": 4718750,
"Thread": 38469781,
"EventTime": "2021-09-07T00:08:14.856339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:15.160193-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240684",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223790,
"ParentPID": 9240684,
"Thread": 20906209,
"EventTime": "2021-09-07T00:08:14.876339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:15.160695-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223790,
"ParentPID": 9240684,
"Thread": 20906209,
"EventTime": "2021-09-07T00:08:14.881844-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:15.161148-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223794aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223794,
"ParentPID": 9240684,
"Thread": 20906213,
"EventTime": "2021-09-07T00:08:14.887300-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:15.161595-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223794aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223794,
"ParentPID": 9240684,
"Thread": 20906213,
"EventTime": "2021-09-07T00:08:14.887300-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:15.162027-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223794aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223794,
"ParentPID": 9240684,
"Thread": 20906213,
"EventTime": "2021-09-07T00:08:14.887300-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:15.162465-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240684/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223796,
"ParentPID": 9240684,
"Thread": 20906215,
"EventTime": "2021-09-07T00:08:14.896339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:15.162876-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240684",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223798,
"ParentPID": 9240684,
"Thread": 20906217,
"EventTime": "2021-09-07T00:08:14.896339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:15.163276-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240686,
"ParentPID": 4718750,
"Thread": 38469783,
"EventTime": "2021-09-07T00:08:14.896339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:15.163673-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240686,
"ParentPID": 4718750,
"Thread": 38469783,
"EventTime": "2021-09-07T00:08:14.896339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:15.164068-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718752,
"ParentPID": 5439688,
"Thread": 42139853,
"EventTime": "2021-09-07T00:08:25.356339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:25.384822-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718754,
"ParentPID": 5439688,
"Thread": 42139855,
"EventTime": "2021-09-07T00:08:26.766632-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:26.897410-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718756,
"ParentPID": 5439688,
"Thread": 42139857,
"EventTime": "2021-09-07T00:08:28.188055-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:28.402663-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718758,
"ParentPID": 5439688,
"Thread": 42139859,
"EventTime": "2021-09-07T00:08:29.645339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:29.911535-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240688.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240688,
"ParentPID": 4718758,
"Thread": 38469785,
"EventTime": "2021-09-07T00:08:29.783219-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:29.912033-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240688",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223814,
"ParentPID": 9240688,
"Thread": 47906985,
"EventTime": "2021-09-07T00:08:29.800789-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:29.912484-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223814,
"ParentPID": 9240688,
"Thread": 47906985,
"EventTime": "2021-09-07T00:08:29.805339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:29.912923-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223818aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223818,
"ParentPID": 9240688,
"Thread": 47906989,
"EventTime": "2021-09-07T00:08:29.810792-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:29.913349-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223818aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223818,
"ParentPID": 9240688,
"Thread": 47906989,
"EventTime": "2021-09-07T00:08:29.815340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:29.913784-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223818aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223818,
"ParentPID": 9240688,
"Thread": 47906989,
"EventTime": "2021-09-07T00:08:29.815340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:29.914196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240688/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223820,
"ParentPID": 9240688,
"Thread": 47906991,
"EventTime": "2021-09-07T00:08:29.820795-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:29.914594-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240688",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223822,
"ParentPID": 9240688,
"Thread": 47906993,
"EventTime": "2021-09-07T00:08:29.825339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:29.914991-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240690,
"ParentPID": 4718758,
"Thread": 38469787,
"EventTime": "2021-09-07T00:08:29.825339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:29.915406-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240690,
"ParentPID": 4718758,
"Thread": 38469787,
"EventTime": "2021-09-07T00:08:29.825339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:29.915807-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718760,
"ParentPID": 5439688,
"Thread": 42139861,
"EventTime": "2021-09-07T00:08:31.133403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:31.434023-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240692.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240692,
"ParentPID": 4718760,
"Thread": 38469789,
"EventTime": "2021-09-07T00:08:31.265342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:31.434531-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240692",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223838,
"ParentPID": 9240692,
"Thread": 47907009,
"EventTime": "2021-09-07T00:08:31.285340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:31.434987-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223838,
"ParentPID": 9240692,
"Thread": 47907009,
"EventTime": "2021-09-07T00:08:31.295340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:31.435462-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223842aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223842,
"ParentPID": 9240692,
"Thread": 47907013,
"EventTime": "2021-09-07T00:08:31.303724-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:31.435913-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223842aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223842,
"ParentPID": 9240692,
"Thread": 47907013,
"EventTime": "2021-09-07T00:08:31.305340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:31.436394-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223842aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223842,
"ParentPID": 9240692,
"Thread": 47907013,
"EventTime": "2021-09-07T00:08:31.305340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:31.436816-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240692/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223844,
"ParentPID": 9240692,
"Thread": 47907015,
"EventTime": "2021-09-07T00:08:31.305340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:31.437221-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240692",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223846,
"ParentPID": 9240692,
"Thread": 47907017,
"EventTime": "2021-09-07T00:08:31.313727-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:31.437626-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240694,
"ParentPID": 4718760,
"Thread": 38469791,
"EventTime": "2021-09-07T00:08:31.315612-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:31.438029-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240694,
"ParentPID": 4718760,
"Thread": 38469791,
"EventTime": "2021-09-07T00:08:31.315612-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:31.438431-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718762,
"ParentPID": 5439688,
"Thread": 42139863,
"EventTime": "2021-09-07T00:08:32.596113-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:32.645918-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718764,
"ParentPID": 5439688,
"Thread": 42139865,
"EventTime": "2021-09-07T00:08:50.577585-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:50.663821-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240696.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240696,
"ParentPID": 4718764,
"Thread": 38469793,
"EventTime": "2021-09-07T00:08:50.735339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:50.964684-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240696",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223862,
"ParentPID": 9240696,
"Thread": 47907033,
"EventTime": "2021-09-07T00:08:50.755340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:50.965179-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223862,
"ParentPID": 9240696,
"Thread": 47907033,
"EventTime": "2021-09-07T00:08:50.757854-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:50.965650-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223866aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223866,
"ParentPID": 9240696,
"Thread": 47907037,
"EventTime": "2021-09-07T00:08:50.765339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:50.966098-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223866aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223866,
"ParentPID": 9240696,
"Thread": 47907037,
"EventTime": "2021-09-07T00:08:50.767857-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:50.966560-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223866aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223866,
"ParentPID": 9240696,
"Thread": 47907037,
"EventTime": "2021-09-07T00:08:50.767857-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:50.967003-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240696/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223868,
"ParentPID": 9240696,
"Thread": 47907039,
"EventTime": "2021-09-07T00:08:50.775339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:50.967413-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240696",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223870,
"ParentPID": 9240696,
"Thread": 47907041,
"EventTime": "2021-09-07T00:08:50.777859-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:50.967812-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240698,
"ParentPID": 4718764,
"Thread": 38469795,
"EventTime": "2021-09-07T00:08:50.777859-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:50.968223-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240698,
"ParentPID": 4718764,
"Thread": 38469795,
"EventTime": "2021-09-07T00:08:50.777859-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:50.968619-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.04718766",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9240700,
"ParentPID": 4718766,
"Thread": 38469797,
"EventTime": "2021-09-07T00:08:50.787861-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:08:50.968910-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718768,
"ParentPID": 6684890,
"Thread": 44957733,
"EventTime": "2021-09-07T00:10:00.062340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:10:00.356830-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718768,
"ParentPID": 6684890,
"Thread": 44957733,
"EventTime": "2021-09-07T00:10:00.062340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:10:00.357339-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 23:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 4718768,
"ParentPID": 6684890,
"Thread": 44957733,
"EventTime": "2021-09-07T00:10:00.065714-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:10:00.357803-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 4718768,
"ParentPID": 6684890,
"Thread": 44957733,
"EventTime": "2021-09-07T00:10:00.065714-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:10:00.358257-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718770,
"ParentPID": 6684890,
"Thread": 42336479,
"EventTime": "2021-09-07T00:15:00.068361-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:15:00.119011-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718770,
"ParentPID": 6684890,
"Thread": 42336479,
"EventTime": "2021-09-07T00:15:00.068361-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:15:00.119519-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 23:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 4718770,
"ParentPID": 6684890,
"Thread": 42336479,
"EventTime": "2021-09-07T00:15:00.068361-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:15:00.119986-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 4718770,
"ParentPID": 6684890,
"Thread": 42336479,
"EventTime": "2021-09-07T00:15:00.068361-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:15:00.120442-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223636ziDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223636,
"ParentPID": 9240710,
"Thread": 27656427,
"EventTime": "2021-09-07T00:18:42.894339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:18:43.004851-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240718,
"ParentPID": 4718772,
"Thread": 36962329,
"EventTime": "2021-09-07T00:18:42.904339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:18:43.005365-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223660zADaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223660,
"ParentPID": 9240720,
"Thread": 27656195,
"EventTime": "2021-09-07T00:18:42.964339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:18:43.005864-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718774,
"ParentPID": 6684890,
"Thread": 44826841,
"EventTime": "2021-09-07T00:20:00.072339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:20:00.211702-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718774,
"ParentPID": 6684890,
"Thread": 44826841,
"EventTime": "2021-09-07T00:20:00.072339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:20:00.212219-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 23:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 4718774,
"ParentPID": 6684890,
"Thread": 44826841,
"EventTime": "2021-09-07T00:20:00.072339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:20:00.212715-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 4718774,
"ParentPID": 6684890,
"Thread": 44826841,
"EventTime": "2021-09-07T00:20:00.072339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:20:00.213182-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718776,
"ParentPID": 6684890,
"Thread": 40829173,
"EventTime": "2021-09-07T00:25:00.072972-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:25:00.319266-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718776,
"ParentPID": 6684890,
"Thread": 40829173,
"EventTime": "2021-09-07T00:25:00.072972-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:25:00.319772-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 23:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 4718776,
"ParentPID": 6684890,
"Thread": 40829173,
"EventTime": "2021-09-07T00:25:00.072972-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:25:00.320239-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 4718776,
"ParentPID": 6684890,
"Thread": 40829173,
"EventTime": "2021-09-07T00:25:00.072972-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:25:00.320694-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718778,
"ParentPID": 6684890,
"Thread": 40828933,
"EventTime": "2021-09-07T00:30:00.075855-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:30:00.358005-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718778,
"ParentPID": 6684890,
"Thread": 40828933,
"EventTime": "2021-09-07T00:30:00.075855-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:30:00.358516-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 23:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 4718778,
"ParentPID": 6684890,
"Thread": 40828933,
"EventTime": "2021-09-07T00:30:00.075855-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:30:00.358982-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 4718778,
"ParentPID": 6684890,
"Thread": 40828933,
"EventTime": "2021-09-07T00:30:00.075855-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:30:00.359438-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T00:33:12.235339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:33:12.320599-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223682tmDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223682,
"ParentPID": 9240730,
"Thread": 42663971,
"EventTime": "2021-09-07T00:33:43.039579-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:33:43.261758-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240738,
"ParentPID": 4718782,
"Thread": 45416521,
"EventTime": "2021-09-07T00:33:43.050924-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:33:43.262265-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223706tEDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223706,
"ParentPID": 9240740,
"Thread": 42663995,
"EventTime": "2021-09-07T00:33:43.113564-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:33:43.262715-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718784,
"ParentPID": 6684890,
"Thread": 40828945,
"EventTime": "2021-09-07T00:35:00.081341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:35:00.164966-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718784,
"ParentPID": 6684890,
"Thread": 40828945,
"EventTime": "2021-09-07T00:35:00.081341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:35:00.165471-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 23:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 4718784,
"ParentPID": 6684890,
"Thread": 40828945,
"EventTime": "2021-09-07T00:35:00.081341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:35:00.165937-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 4718784,
"ParentPID": 6684890,
"Thread": 40828945,
"EventTime": "2021-09-07T00:35:00.081341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:35:00.166386-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718786,
"ParentPID": 5439688,
"Thread": 44957753,
"EventTime": "2021-09-07T00:38:50.324812-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:38:50.596470-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718788,
"ParentPID": 6684890,
"Thread": 40828961,
"EventTime": "2021-09-07T00:40:00.087910-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:40:00.318403-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718788,
"ParentPID": 6684890,
"Thread": 40828961,
"EventTime": "2021-09-07T00:40:00.087910-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:40:00.319180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 23:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 4718788,
"ParentPID": 6684890,
"Thread": 40828961,
"EventTime": "2021-09-07T00:40:00.087910-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:40:00.319935-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 4718788,
"ParentPID": 6684890,
"Thread": 40828961,
"EventTime": "2021-09-07T00:40:00.091340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:40:00.320664-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718790,
"ParentPID": 6684890,
"Thread": 42205217,
"EventTime": "2021-09-07T00:45:00.099179-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:45:00.195228-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718790,
"ParentPID": 6684890,
"Thread": 42205217,
"EventTime": "2021-09-07T00:45:00.099179-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:45:00.195995-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 23:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 4718790,
"ParentPID": 6684890,
"Thread": 42205217,
"EventTime": "2021-09-07T00:45:00.100505-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:45:00.196749-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 4718790,
"ParentPID": 6684890,
"Thread": 42205217,
"EventTime": "2021-09-07T00:45:00.100505-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:45:00.197485-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223728nADaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223728,
"ParentPID": 9240750,
"Thread": 20905999,
"EventTime": "2021-09-07T00:48:43.233342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:48:43.472674-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240758,
"ParentPID": 4718792,
"Thread": 39518429,
"EventTime": "2021-09-07T00:48:43.251375-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:48:43.473533-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223752ouDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223752,
"ParentPID": 9240760,
"Thread": 20906023,
"EventTime": "2021-09-07T00:48:43.343340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:48:43.474289-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240762,
"ParentPID": 6684890,
"Thread": 39321643,
"EventTime": "2021-09-07T00:50:00.106840-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:50:00.397517-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240762,
"ParentPID": 6684890,
"Thread": 39321643,
"EventTime": "2021-09-07T00:50:00.106840-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:50:00.398287-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 23:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240762,
"ParentPID": 6684890,
"Thread": 39321643,
"EventTime": "2021-09-07T00:50:00.106840-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:50:00.399045-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240762,
"ParentPID": 6684890,
"Thread": 39321643,
"EventTime": "2021-09-07T00:50:00.111341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:50:00.399776-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240764,
"ParentPID": 6684890,
"Thread": 39321655,
"EventTime": "2021-09-07T00:55:00.120342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.310780-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240764,
"ParentPID": 6684890,
"Thread": 39321655,
"EventTime": "2021-09-07T00:55:00.120342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.311606-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /var/perf/pm/bin/pmcfg >/dev/null 2>&1 #Enable PM Data Collection time = Mon Aug 16 23:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240764,
"ParentPID": 6684890,
"Thread": 39321655,
"EventTime": "2021-09-07T00:55:00.120342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.312360-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240764,
"ParentPID": 6684890,
"Thread": 39321655,
"EventTime": "2021-09-07T00:55:00.120342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.313093-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718794,
"ParentPID": 6684890,
"Thread": 28901473,
"EventTime": "2021-09-07T00:55:00.130341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.313811-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718794,
"ParentPID": 6684890,
"Thread": 28901473,
"EventTime": "2021-09-07T00:55:00.130341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.314539-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Mon Aug 16 23:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 4718794,
"ParentPID": 6684890,
"Thread": 28901473,
"EventTime": "2021-09-07T00:55:00.130341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.315242-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 4718794,
"ParentPID": 6684890,
"Thread": 28901473,
"EventTime": "2021-09-07T00:55:00.130341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.315906-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10223754",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10748132,
"ParentPID": 10223754,
"Thread": 29949979,
"EventTime": "2021-09-07T00:55:00.150341-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.316391-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/perf/daily/persistent.db",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "topasout",
"PID": 4718796,
"ParentPID": 10223768,
"Thread": 28901475,
"EventTime": "2021-09-07T00:55:00.210342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.317038-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /var/perf/pm/daily",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "find",
"PID": 10223774,
"ParentPID": 9240764,
"Thread": 29032665,
"EventTime": "2021-09-07T00:55:00.230342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.317698-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: p1220-pvm1",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "find",
"PID": 10223774,
"ParentPID": 9240764,
"Thread": 29032665,
"EventTime": "2021-09-07T00:55:00.230342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.318345-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: ..",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "find",
"PID": 10223774,
"ParentPID": 9240764,
"Thread": 29032665,
"EventTime": "2021-09-07T00:55:00.230342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.318993-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/perf/pm/daily/p1220-pvm1/pm_process.2021.08.13.Fri",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10748136,
"ParentPID": 4718800,
"Thread": 29360237,
"EventTime": "2021-09-07T00:55:00.240343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.319630-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/perf/daily/persistent.db",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "topasout",
"PID": 9371798,
"ParentPID": 10748144,
"Thread": 37355761,
"EventTime": "2021-09-07T00:55:00.300340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.320284-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10289218,
"ParentPID": 11468930,
"Thread": 42205235,
"EventTime": "2021-09-07T00:55:00.350340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.621251-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10289220,
"ParentPID": 11468932,
"Thread": 42205237,
"EventTime": "2021-09-07T00:55:00.370417-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T00:55:00.622058-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371806,
"ParentPID": 6684890,
"Thread": 37355527,
"EventTime": "2021-09-07T01:00:00.404313-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:00:00.538447-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371806,
"ParentPID": 6684890,
"Thread": 37355527,
"EventTime": "2021-09-07T01:00:00.404313-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:00:00.539272-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 00:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371806,
"ParentPID": 6684890,
"Thread": 37355527,
"EventTime": "2021-09-07T01:00:00.404313-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:00:00.540028-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371806,
"ParentPID": 6684890,
"Thread": 37355527,
"EventTime": "2021-09-07T01:00:00.404313-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:00:00.540892-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /etc/perf/daily/persistent_local",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "topasrec",
"PID": 5308582,
"ParentPID": 1,
"Thread": 20316271,
"EventTime": "2021-09-07T01:00:43.365546-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:00:43.495245-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718818,
"ParentPID": 5439688,
"Thread": 32833741,
"EventTime": "2021-09-07T01:01:29.900344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:01:30.091267-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718820,
"ParentPID": 5439688,
"Thread": 32833743,
"EventTime": "2021-09-07T01:01:30.167339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:01:30.397857-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718822,
"ParentPID": 5439688,
"Thread": 32833745,
"EventTime": "2021-09-07T01:01:35.467339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:01:35.509416-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718824,
"ParentPID": 5439688,
"Thread": 32833747,
"EventTime": "2021-09-07T01:01:36.588003-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:01:36.712860-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718826,
"ParentPID": 5439688,
"Thread": 32833749,
"EventTime": "2021-09-07T01:01:36.847339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:01:37.017869-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718828,
"ParentPID": 5439688,
"Thread": 32833751,
"EventTime": "2021-09-07T01:01:41.991599-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:01:42.128940-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718830,
"ParentPID": 5439688,
"Thread": 32833753,
"EventTime": "2021-09-07T01:01:47.066339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:01:47.250629-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718832,
"ParentPID": 5439688,
"Thread": 32833755,
"EventTime": "2021-09-07T01:01:47.320170-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:01:47.556845-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718834,
"ParentPID": 5439688,
"Thread": 32833757,
"EventTime": "2021-09-07T01:01:47.570581-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:01:47.859879-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718836,
"ParentPID": 5439688,
"Thread": 32833759,
"EventTime": "2021-09-07T01:01:47.841032-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:01:47.860348-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485946ieEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485946,
"ParentPID": 9371818,
"Thread": 45219999,
"EventTime": "2021-09-07T01:03:43.436251-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:03:43.479082-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371826,
"ParentPID": 4718840,
"Thread": 32243867,
"EventTime": "2021-09-07T01:03:43.443339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:03:43.479505-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371848i70Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371848,
"ParentPID": 10747904,
"Thread": 32243889,
"EventTime": "2021-09-07T01:03:43.503339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:03:43.783071-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718842,
"ParentPID": 6684890,
"Thread": 46006371,
"EventTime": "2021-09-07T01:05:00.410340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:05:00.672719-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718842,
"ParentPID": 6684890,
"Thread": 46006371,
"EventTime": "2021-09-07T01:05:00.410340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:05:00.673178-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 00:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 4718842,
"ParentPID": 6684890,
"Thread": 46006371,
"EventTime": "2021-09-07T01:05:00.410340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:05:00.673642-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 4718842,
"ParentPID": 6684890,
"Thread": 46006371,
"EventTime": "2021-09-07T01:05:00.410340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:05:00.674103-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718844,
"ParentPID": 5439688,
"Thread": 32833769,
"EventTime": "2021-09-07T01:05:06.560339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:05:06.690133-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10747906.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10747906,
"ParentPID": 4718844,
"Thread": 45678807,
"EventTime": "2021-09-07T01:05:06.690353-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:05:06.990912-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10747906",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9371864,
"ParentPID": 10747906,
"Thread": 33882265,
"EventTime": "2021-09-07T01:05:06.710339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:05:06.991385-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9371864,
"ParentPID": 10747906,
"Thread": 33882265,
"EventTime": "2021-09-07T01:05:06.716560-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:05:06.991846-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371868aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371868,
"ParentPID": 10747906,
"Thread": 33882269,
"EventTime": "2021-09-07T01:05:06.720339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:05:06.992302-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371868aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371868,
"ParentPID": 10747906,
"Thread": 33882269,
"EventTime": "2021-09-07T01:05:06.720339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:05:06.992749-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371868aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371868,
"ParentPID": 10747906,
"Thread": 33882269,
"EventTime": "2021-09-07T01:05:06.725056-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:05:06.993203-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10747906/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9371870,
"ParentPID": 10747906,
"Thread": 33882271,
"EventTime": "2021-09-07T01:05:06.730339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:05:06.993643-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10747906",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9371872,
"ParentPID": 10747906,
"Thread": 33882273,
"EventTime": "2021-09-07T01:05:06.730339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:05:06.994069-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10747908,
"ParentPID": 4718844,
"Thread": 45678809,
"EventTime": "2021-09-07T01:05:06.730339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:05:06.994487-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10747908,
"ParentPID": 4718844,
"Thread": 45678809,
"EventTime": "2021-09-07T01:05:06.730339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:05:06.994899-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718846,
"ParentPID": 5439688,
"Thread": 46006385,
"EventTime": "2021-09-07T01:08:01.399971-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:01.515928-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718592,
"ParentPID": 5439688,
"Thread": 46006387,
"EventTime": "2021-09-07T01:08:02.011036-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:02.121778-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10747910.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10747910,
"ParentPID": 4718592,
"Thread": 45678811,
"EventTime": "2021-09-07T01:08:02.138417-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:02.424880-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10747910",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9371888,
"ParentPID": 10747910,
"Thread": 33882289,
"EventTime": "2021-09-07T01:08:02.154339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:02.425374-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9371888,
"ParentPID": 10747910,
"Thread": 33882289,
"EventTime": "2021-09-07T01:08:02.164339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:02.425833-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371892aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371892,
"ParentPID": 10747910,
"Thread": 33882293,
"EventTime": "2021-09-07T01:08:02.165669-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:02.426285-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371892aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371892,
"ParentPID": 10747910,
"Thread": 33882293,
"EventTime": "2021-09-07T01:08:02.171255-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:02.426729-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371892aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371892,
"ParentPID": 10747910,
"Thread": 33882293,
"EventTime": "2021-09-07T01:08:02.174340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:02.427167-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10747910/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9371894,
"ParentPID": 10747910,
"Thread": 33882295,
"EventTime": "2021-09-07T01:08:02.175156-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:02.427599-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10747910",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9371896,
"ParentPID": 10747910,
"Thread": 33882297,
"EventTime": "2021-09-07T01:08:02.181257-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:02.428008-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10747912,
"ParentPID": 4718592,
"Thread": 45678813,
"EventTime": "2021-09-07T01:08:02.181257-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:02.428408-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10747912,
"ParentPID": 4718592,
"Thread": 45678813,
"EventTime": "2021-09-07T01:08:02.181257-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:02.428805-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718594,
"ParentPID": 5439688,
"Thread": 46006389,
"EventTime": "2021-09-07T01:08:02.612012-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:02.732729-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10747914.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10747914,
"ParentPID": 4718594,
"Thread": 45678815,
"EventTime": "2021-09-07T01:08:02.734356-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:03.034890-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10747914",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9371656,
"ParentPID": 10747914,
"Thread": 33882313,
"EventTime": "2021-09-07T01:08:02.754339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:03.035392-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9371656,
"ParentPID": 10747914,
"Thread": 33882313,
"EventTime": "2021-09-07T01:08:02.766051-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:03.035858-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371660aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371660,
"ParentPID": 10747914,
"Thread": 33882317,
"EventTime": "2021-09-07T01:08:02.772233-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:03.036315-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371660aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371660,
"ParentPID": 10747914,
"Thread": 33882317,
"EventTime": "2021-09-07T01:08:02.772233-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:03.036765-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371660aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371660,
"ParentPID": 10747914,
"Thread": 33882317,
"EventTime": "2021-09-07T01:08:02.774339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:03.037207-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10747914/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9371666,
"ParentPID": 10747914,
"Thread": 33882323,
"EventTime": "2021-09-07T01:08:02.784339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:03.037637-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10485998",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8978502,
"ParentPID": 10485998,
"Thread": 28573713,
"EventTime": "2021-09-07T01:08:02.784339-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:03.037943-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10747914",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9371668,
"ParentPID": 10747914,
"Thread": 33882325,
"EventTime": "2021-09-07T01:08:02.784339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:03.038347-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10747916,
"ParentPID": 4718594,
"Thread": 45678817,
"EventTime": "2021-09-07T01:08:02.792237-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:03.038749-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10747916,
"ParentPID": 4718594,
"Thread": 45678817,
"EventTime": "2021-09-07T01:08:02.792237-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:03.039150-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718596,
"ParentPID": 5439688,
"Thread": 46006391,
"EventTime": "2021-09-07T01:08:03.916523-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:03.944691-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10747918.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10747918,
"ParentPID": 4718596,
"Thread": 45678819,
"EventTime": "2021-09-07T01:08:04.044339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:04.254903-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10747918",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10486014,
"ParentPID": 10747918,
"Thread": 39518259,
"EventTime": "2021-09-07T01:08:04.066574-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:04.255416-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10486014,
"ParentPID": 10747918,
"Thread": 39518259,
"EventTime": "2021-09-07T01:08:04.074346-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:04.255872-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485762aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485762,
"ParentPID": 10747918,
"Thread": 39518263,
"EventTime": "2021-09-07T01:08:04.074346-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:04.256317-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485762aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485762,
"ParentPID": 10747918,
"Thread": 39518263,
"EventTime": "2021-09-07T01:08:04.074346-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:04.256757-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485762aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485762,
"ParentPID": 10747918,
"Thread": 39518263,
"EventTime": "2021-09-07T01:08:04.084347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:04.257196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10747918/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485764,
"ParentPID": 10747918,
"Thread": 39518265,
"EventTime": "2021-09-07T01:08:04.084347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:04.257624-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10747918",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485766,
"ParentPID": 10747918,
"Thread": 39518267,
"EventTime": "2021-09-07T01:08:04.091331-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:04.258028-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10747920,
"ParentPID": 4718596,
"Thread": 45678821,
"EventTime": "2021-09-07T01:08:04.094349-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:04.258426-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10747920,
"ParentPID": 4718596,
"Thread": 45678821,
"EventTime": "2021-09-07T01:08:04.094349-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:04.258824-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718598,
"ParentPID": 5439688,
"Thread": 23855239,
"EventTime": "2021-09-07T01:08:15.834012-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:15.983908-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718600,
"ParentPID": 5439688,
"Thread": 23855241,
"EventTime": "2021-09-07T01:08:17.213339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:17.487431-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718602,
"ParentPID": 5439688,
"Thread": 23855243,
"EventTime": "2021-09-07T01:08:18.588773-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:18.699494-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718604,
"ParentPID": 5439688,
"Thread": 23855245,
"EventTime": "2021-09-07T01:08:19.963339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:20.212121-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10747922.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10747922,
"ParentPID": 4718604,
"Thread": 40108205,
"EventTime": "2021-09-07T01:08:20.091397-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:20.212614-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10747922",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485782,
"ParentPID": 10747922,
"Thread": 23658627,
"EventTime": "2021-09-07T01:08:20.111401-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:20.213064-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485782,
"ParentPID": 10747922,
"Thread": 23658627,
"EventTime": "2021-09-07T01:08:20.113450-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:20.213526-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485786aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485786,
"ParentPID": 10747922,
"Thread": 23658631,
"EventTime": "2021-09-07T01:08:20.121403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:20.213971-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485786aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485786,
"ParentPID": 10747922,
"Thread": 23658631,
"EventTime": "2021-09-07T01:08:20.123339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:20.214439-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485786aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485786,
"ParentPID": 10747922,
"Thread": 23658631,
"EventTime": "2021-09-07T01:08:20.124817-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:20.214873-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10747922/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485788,
"ParentPID": 10747922,
"Thread": 23658633,
"EventTime": "2021-09-07T01:08:20.131430-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:20.215273-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10747922",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485790,
"ParentPID": 10747922,
"Thread": 23658635,
"EventTime": "2021-09-07T01:08:20.133356-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:20.215668-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10747924,
"ParentPID": 4718604,
"Thread": 40108207,
"EventTime": "2021-09-07T01:08:20.133356-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:20.216064-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10747924,
"ParentPID": 4718604,
"Thread": 40108207,
"EventTime": "2021-09-07T01:08:20.133356-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:20.216457-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718606,
"ParentPID": 5439688,
"Thread": 23855247,
"EventTime": "2021-09-07T01:08:21.383640-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:21.423916-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10747926.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10747926,
"ParentPID": 4718606,
"Thread": 40108209,
"EventTime": "2021-09-07T01:08:21.513839-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:21.724707-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10747926",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485806,
"ParentPID": 10747926,
"Thread": 23658651,
"EventTime": "2021-09-07T01:08:21.533842-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:21.725235-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485806,
"ParentPID": 10747926,
"Thread": 23658651,
"EventTime": "2021-09-07T01:08:21.533842-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:21.725733-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485810aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485810,
"ParentPID": 10747926,
"Thread": 23658655,
"EventTime": "2021-09-07T01:08:21.543844-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:21.726192-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485810aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485810,
"ParentPID": 10747926,
"Thread": 23658655,
"EventTime": "2021-09-07T01:08:21.543844-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:21.726632-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485810aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485810,
"ParentPID": 10747926,
"Thread": 23658655,
"EventTime": "2021-09-07T01:08:21.543844-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:21.727070-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10747926/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485812,
"ParentPID": 10747926,
"Thread": 23658657,
"EventTime": "2021-09-07T01:08:21.553846-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:21.727497-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10747926",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485814,
"ParentPID": 10747926,
"Thread": 23658659,
"EventTime": "2021-09-07T01:08:21.553846-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:21.727902-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10747928,
"ParentPID": 4718606,
"Thread": 40108211,
"EventTime": "2021-09-07T01:08:21.553846-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:21.728298-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10747928,
"ParentPID": 4718606,
"Thread": 40108211,
"EventTime": "2021-09-07T01:08:21.553846-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:21.728693-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718608,
"ParentPID": 5439688,
"Thread": 23855249,
"EventTime": "2021-09-07T01:08:22.813339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:08:22.929758-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718610,
"ParentPID": 6684890,
"Thread": 37355541,
"EventTime": "2021-09-07T01:10:00.415045-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:10:00.616460-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718610,
"ParentPID": 6684890,
"Thread": 37355541,
"EventTime": "2021-09-07T01:10:00.415045-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:10:00.617270-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 00:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 4718610,
"ParentPID": 6684890,
"Thread": 37355541,
"EventTime": "2021-09-07T01:10:00.415045-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:10:00.618028-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 4718610,
"ParentPID": 6684890,
"Thread": 37355541,
"EventTime": "2021-09-07T01:10:00.415045-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:10:00.618775-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718616,
"ParentPID": 6684890,
"Thread": 37093631,
"EventTime": "2021-09-07T01:15:00.424910-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:15:00.487347-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718616,
"ParentPID": 6684890,
"Thread": 37093631,
"EventTime": "2021-09-07T01:15:00.424910-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:15:00.488172-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 00:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 4718616,
"ParentPID": 6684890,
"Thread": 37093631,
"EventTime": "2021-09-07T01:15:00.424910-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:15:00.488938-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 4718616,
"ParentPID": 6684890,
"Thread": 37093631,
"EventTime": "2021-09-07T01:15:00.424910-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:15:00.489688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485836c3Eaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485836,
"ParentPID": 10747946,
"Thread": 45351049,
"EventTime": "2021-09-07T01:18:43.625509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:18:43.796587-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10747954,
"ParentPID": 4718618,
"Thread": 31916115,
"EventTime": "2021-09-07T01:18:43.645515-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:18:43.797399-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485860diEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485860,
"ParentPID": 10747956,
"Thread": 45351073,
"EventTime": "2021-09-07T01:18:43.735550-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:18:43.798131-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240788,
"ParentPID": 6684890,
"Thread": 35848215,
"EventTime": "2021-09-07T01:20:00.436458-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:20:00.717479-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240788,
"ParentPID": 6684890,
"Thread": 35848215,
"EventTime": "2021-09-07T01:20:00.436458-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:20:00.718257-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 00:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240788,
"ParentPID": 6684890,
"Thread": 35848215,
"EventTime": "2021-09-07T01:20:00.436458-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:20:00.719025-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240788,
"ParentPID": 6684890,
"Thread": 35848215,
"EventTime": "2021-09-07T01:20:00.439340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:20:00.719883-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371736,
"ParentPID": 6684890,
"Thread": 36241429,
"EventTime": "2021-09-07T01:25:00.441514-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:25:00.632869-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371736,
"ParentPID": 6684890,
"Thread": 36241429,
"EventTime": "2021-09-07T01:25:00.441514-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:25:00.633678-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 00:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371736,
"ParentPID": 6684890,
"Thread": 36241429,
"EventTime": "2021-09-07T01:25:00.441514-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:25:00.634438-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371736,
"ParentPID": 6684890,
"Thread": 36241429,
"EventTime": "2021-09-07T01:25:00.441514-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:25:00.635180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09240796",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10223788,
"ParentPID": 9240796,
"Thread": 37945485,
"EventTime": "2021-09-07T01:25:00.463014-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:25:00.635717-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371738,
"ParentPID": 6684890,
"Thread": 37159039,
"EventTime": "2021-09-07T01:30:00.470690-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:30:00.531677-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371738,
"ParentPID": 6684890,
"Thread": 37159039,
"EventTime": "2021-09-07T01:30:00.470690-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:30:00.532498-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 00:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371738,
"ParentPID": 6684890,
"Thread": 37159039,
"EventTime": "2021-09-07T01:30:00.470690-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:30:00.533279-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371738,
"ParentPID": 6684890,
"Thread": 37159039,
"EventTime": "2021-09-07T01:30:00.470690-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:30:00.534041-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T01:33:12.113340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:33:12.261368-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223810ZiDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223810,
"ParentPID": 9240806,
"Thread": 46071863,
"EventTime": "2021-09-07T01:33:43.862342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:33:44.125651-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240814,
"ParentPID": 9371742,
"Thread": 35061861,
"EventTime": "2021-09-07T01:33:43.882341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:33:44.126419-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223834ZQDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223834,
"ParentPID": 9240816,
"Thread": 46071887,
"EventTime": "2021-09-07T01:33:43.975902-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:33:44.127168-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371744,
"ParentPID": 6684890,
"Thread": 31588451,
"EventTime": "2021-09-07T01:35:00.479340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:35:00.774884-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371744,
"ParentPID": 6684890,
"Thread": 31588451,
"EventTime": "2021-09-07T01:35:00.479340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:35:00.775715-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 00:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371744,
"ParentPID": 6684890,
"Thread": 31588451,
"EventTime": "2021-09-07T01:35:00.479340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:35:00.776489-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371744,
"ParentPID": 6684890,
"Thread": 31588451,
"EventTime": "2021-09-07T01:35:00.483041-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:35:00.777241-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371746,
"ParentPID": 5439688,
"Thread": 33423499,
"EventTime": "2021-09-07T01:36:44.136340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:36:44.140827-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240818.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240818,
"ParentPID": 9371746,
"Thread": 35651833,
"EventTime": "2021-09-07T01:36:44.266838-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:36:44.442471-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240818",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223850,
"ParentPID": 9240818,
"Thread": 50724913,
"EventTime": "2021-09-07T01:36:44.296340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:36:44.443242-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223850,
"ParentPID": 9240818,
"Thread": 50724913,
"EventTime": "2021-09-07T01:36:44.306340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:36:44.444001-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223854aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223854,
"ParentPID": 9240818,
"Thread": 50724917,
"EventTime": "2021-09-07T01:36:44.316340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:36:44.444747-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223854aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223854,
"ParentPID": 9240818,
"Thread": 50724917,
"EventTime": "2021-09-07T01:36:44.316849-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:36:44.445482-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223854aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223854,
"ParentPID": 9240818,
"Thread": 50724917,
"EventTime": "2021-09-07T01:36:44.316849-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:36:44.446209-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240818/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223860,
"ParentPID": 9240818,
"Thread": 50724923,
"EventTime": "2021-09-07T01:36:44.326341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:36:44.446975-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240818",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223862,
"ParentPID": 9240818,
"Thread": 50724925,
"EventTime": "2021-09-07T01:36:44.331184-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:36:44.447710-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240820,
"ParentPID": 9371746,
"Thread": 35651835,
"EventTime": "2021-09-07T01:36:44.336340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:36:44.448375-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240820,
"ParentPID": 9371746,
"Thread": 35651835,
"EventTime": "2021-09-07T01:36:44.336340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:36:44.449032-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371752,
"ParentPID": 5439688,
"Thread": 44826625,
"EventTime": "2021-09-07T01:39:35.950340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:39:35.998130-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240824,
"ParentPID": 6684890,
"Thread": 22741069,
"EventTime": "2021-09-07T01:40:00.489857-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:40:00.660236-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240824,
"ParentPID": 6684890,
"Thread": 22741069,
"EventTime": "2021-09-07T01:40:00.489857-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:40:00.661059-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 00:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240824,
"ParentPID": 6684890,
"Thread": 22741069,
"EventTime": "2021-09-07T01:40:00.489857-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:40:00.661820-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240824,
"ParentPID": 6684890,
"Thread": 22741069,
"EventTime": "2021-09-07T01:40:00.489857-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:40:00.662698-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371758,
"ParentPID": 6684890,
"Thread": 45875397,
"EventTime": "2021-09-07T01:45:00.499340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:45:00.548143-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371758,
"ParentPID": 6684890,
"Thread": 45875397,
"EventTime": "2021-09-07T01:45:00.499340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:45:00.548911-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 00:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371758,
"ParentPID": 6684890,
"Thread": 45875397,
"EventTime": "2021-09-07T01:45:00.499340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:45:00.549732-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371758,
"ParentPID": 6684890,
"Thread": 45875397,
"EventTime": "2021-09-07T01:45:00.499340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:45:00.550543-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223628TQDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223628,
"ParentPID": 9240580,
"Thread": 43843669,
"EventTime": "2021-09-07T01:48:44.107493-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:48:44.115306-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240588,
"ParentPID": 9371760,
"Thread": 44302349,
"EventTime": "2021-09-07T01:48:44.122340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:48:44.418934-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223652UADaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223652,
"ParentPID": 9240590,
"Thread": 43843693,
"EventTime": "2021-09-07T01:48:44.222340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:48:44.419751-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371762,
"ParentPID": 6684890,
"Thread": 46268571,
"EventTime": "2021-09-07T01:50:00.510475-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:50:00.519953-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371762,
"ParentPID": 6684890,
"Thread": 46268571,
"EventTime": "2021-09-07T01:50:00.510475-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:50:00.520787-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 00:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371762,
"ParentPID": 6684890,
"Thread": 46268571,
"EventTime": "2021-09-07T01:50:00.510475-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:50:00.521551-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371762,
"ParentPID": 6684890,
"Thread": 46268571,
"EventTime": "2021-09-07T01:50:00.510475-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:50:00.522301-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240594,
"ParentPID": 6684890,
"Thread": 46268583,
"EventTime": "2021-09-07T01:55:00.523297-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:55:00.737393-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240594,
"ParentPID": 6684890,
"Thread": 46268583,
"EventTime": "2021-09-07T01:55:00.523297-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:55:00.738224-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 00:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240594,
"ParentPID": 6684890,
"Thread": 46268583,
"EventTime": "2021-09-07T01:55:00.523297-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:55:00.738992-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240594,
"ParentPID": 6684890,
"Thread": 46268583,
"EventTime": "2021-09-07T01:55:00.523297-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T01:55:00.739782-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240596,
"ParentPID": 6684890,
"Thread": 47644847,
"EventTime": "2021-09-07T02:00:00.529343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:00:00.696875-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240596,
"ParentPID": 6684890,
"Thread": 47644847,
"EventTime": "2021-09-07T02:00:00.529343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:00:00.697705-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 01:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240596,
"ParentPID": 6684890,
"Thread": 47644847,
"EventTime": "2021-09-07T02:00:00.529343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:00:00.698468-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240596,
"ParentPID": 6684890,
"Thread": 47644847,
"EventTime": "2021-09-07T02:00:00.535522-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:00:00.699221-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371768,
"ParentPID": 5439688,
"Thread": 47644855,
"EventTime": "2021-09-07T02:01:26.956339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:01:27.194703-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371770,
"ParentPID": 5439688,
"Thread": 47644857,
"EventTime": "2021-09-07T02:01:27.216339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:01:27.495788-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371772,
"ParentPID": 5439688,
"Thread": 47644859,
"EventTime": "2021-09-07T02:01:32.536339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:01:32.606902-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371774,
"ParentPID": 5439688,
"Thread": 47644861,
"EventTime": "2021-09-07T02:01:33.636339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:01:33.819397-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371776,
"ParentPID": 5439688,
"Thread": 47644863,
"EventTime": "2021-09-07T02:01:33.898942-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:01:34.126939-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371778,
"ParentPID": 5439688,
"Thread": 40566799,
"EventTime": "2021-09-07T02:01:44.062234-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:01:44.349873-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371780,
"ParentPID": 5439688,
"Thread": 40566801,
"EventTime": "2021-09-07T02:01:44.319616-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:01:44.350390-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371782,
"ParentPID": 5439688,
"Thread": 40566803,
"EventTime": "2021-09-07T02:01:44.580065-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:01:44.656893-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371784,
"ParentPID": 5439688,
"Thread": 40566805,
"EventTime": "2021-09-07T02:01:44.850547-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:01:44.957686-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371786,
"ParentPID": 5439688,
"Thread": 40566807,
"EventTime": "2021-09-07T02:01:45.107230-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:01:45.261851-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09240600",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10223654,
"ParentPID": 9240600,
"Thread": 27590713,
"EventTime": "2021-09-07T02:01:45.121058-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:01:45.262237-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223676OqDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223676,
"ParentPID": 9240610,
"Thread": 38535241,
"EventTime": "2021-09-07T02:03:44.302341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:03:44.512932-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240618,
"ParentPID": 9371790,
"Thread": 31326423,
"EventTime": "2021-09-07T02:03:44.322340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:03:44.513449-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223700OMDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223700,
"ParentPID": 9240620,
"Thread": 38535265,
"EventTime": "2021-09-07T02:03:44.382339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:03:44.513917-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371792,
"ParentPID": 6684890,
"Thread": 46727353,
"EventTime": "2021-09-07T02:05:00.540845-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:05:00.801987-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371792,
"ParentPID": 6684890,
"Thread": 46727353,
"EventTime": "2021-09-07T02:05:00.540845-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:05:00.802526-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 01:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371792,
"ParentPID": 6684890,
"Thread": 46727353,
"EventTime": "2021-09-07T02:05:00.540845-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:05:00.803013-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371792,
"ParentPID": 6684890,
"Thread": 46727353,
"EventTime": "2021-09-07T02:05:00.540845-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:05:00.803487-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371794,
"ParentPID": 5439688,
"Thread": 46727367,
"EventTime": "2021-09-07T02:08:06.834233-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.058314-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240622.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240622,
"ParentPID": 9371794,
"Thread": 44171389,
"EventTime": "2021-09-07T02:08:06.963339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.058834-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240622",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223716,
"ParentPID": 9240622,
"Thread": 27197471,
"EventTime": "2021-09-07T02:08:06.983340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.059312-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223716,
"ParentPID": 9240622,
"Thread": 27197471,
"EventTime": "2021-09-07T02:08:06.987634-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.059781-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223720aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223720,
"ParentPID": 9240622,
"Thread": 27197475,
"EventTime": "2021-09-07T02:08:06.993339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.060242-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223720aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223720,
"ParentPID": 9240622,
"Thread": 27197475,
"EventTime": "2021-09-07T02:08:06.993339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.060697-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223720aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223720,
"ParentPID": 9240622,
"Thread": 27197475,
"EventTime": "2021-09-07T02:08:06.993339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.061142-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240622/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223722,
"ParentPID": 9240622,
"Thread": 27197477,
"EventTime": "2021-09-07T02:08:07.003339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.061575-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240622",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223724,
"ParentPID": 9240622,
"Thread": 27197479,
"EventTime": "2021-09-07T02:08:07.003339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.061990-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240624,
"ParentPID": 9371794,
"Thread": 44171391,
"EventTime": "2021-09-07T02:08:07.003339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.062400-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240624,
"ParentPID": 9371794,
"Thread": 44171391,
"EventTime": "2021-09-07T02:08:07.003339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.062812-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371796,
"ParentPID": 5439688,
"Thread": 46727369,
"EventTime": "2021-09-07T02:08:07.413353-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.663939-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240626.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240626,
"ParentPID": 9371796,
"Thread": 44171393,
"EventTime": "2021-09-07T02:08:07.537922-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.664461-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240626",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223740,
"ParentPID": 9240626,
"Thread": 27197495,
"EventTime": "2021-09-07T02:08:07.558059-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.664938-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223740,
"ParentPID": 9240626,
"Thread": 27197495,
"EventTime": "2021-09-07T02:08:07.565359-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.665410-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223744aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223744,
"ParentPID": 9240626,
"Thread": 27197499,
"EventTime": "2021-09-07T02:08:07.568852-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.665871-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223744aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223744,
"ParentPID": 9240626,
"Thread": 27197499,
"EventTime": "2021-09-07T02:08:07.573588-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.666332-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223744aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223744,
"ParentPID": 9240626,
"Thread": 27197499,
"EventTime": "2021-09-07T02:08:07.573588-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.666785-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240626/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223746,
"ParentPID": 9240626,
"Thread": 27197501,
"EventTime": "2021-09-07T02:08:07.573588-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.667217-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240626",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223748,
"ParentPID": 9240626,
"Thread": 27197503,
"EventTime": "2021-09-07T02:08:07.583610-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.667632-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240628,
"ParentPID": 9371796,
"Thread": 44171395,
"EventTime": "2021-09-07T02:08:07.583610-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.668043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240628,
"ParentPID": 9371796,
"Thread": 44171395,
"EventTime": "2021-09-07T02:08:07.583610-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:07.668454-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371798,
"ParentPID": 5439688,
"Thread": 46727371,
"EventTime": "2021-09-07T02:08:08.795821-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:08.876567-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240630.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240630,
"ParentPID": 9371798,
"Thread": 44171397,
"EventTime": "2021-09-07T02:08:08.923339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:09.183966-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240630",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223764,
"ParentPID": 9240630,
"Thread": 27197519,
"EventTime": "2021-09-07T02:08:08.943524-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:09.184497-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223764,
"ParentPID": 9240630,
"Thread": 27197519,
"EventTime": "2021-09-07T02:08:08.946083-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:09.184976-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223768aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223768,
"ParentPID": 9240630,
"Thread": 27197523,
"EventTime": "2021-09-07T02:08:08.953339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:09.185447-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223768aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223768,
"ParentPID": 9240630,
"Thread": 27197523,
"EventTime": "2021-09-07T02:08:08.956085-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:09.185908-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223768aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223768,
"ParentPID": 9240630,
"Thread": 27197523,
"EventTime": "2021-09-07T02:08:08.956085-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:09.186367-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240630/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223770,
"ParentPID": 9240630,
"Thread": 27197525,
"EventTime": "2021-09-07T02:08:08.963340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:09.186820-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240630",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223772,
"ParentPID": 9240630,
"Thread": 27197527,
"EventTime": "2021-09-07T02:08:08.966114-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:09.187256-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240632,
"ParentPID": 9371798,
"Thread": 44171399,
"EventTime": "2021-09-07T02:08:08.966114-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:09.187671-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240632,
"ParentPID": 9371798,
"Thread": 44171399,
"EventTime": "2021-09-07T02:08:08.966114-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:09.188086-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371804,
"ParentPID": 5439688,
"Thread": 39780357,
"EventTime": "2021-09-07T02:08:20.708704-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:20.918136-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371806,
"ParentPID": 5439688,
"Thread": 39780359,
"EventTime": "2021-09-07T02:08:22.082339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:22.122181-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371808,
"ParentPID": 5439688,
"Thread": 39780361,
"EventTime": "2021-09-07T02:08:23.453943-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:23.624823-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371810,
"ParentPID": 5439688,
"Thread": 39780363,
"EventTime": "2021-09-07T02:08:24.842339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:25.147744-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240634.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240634,
"ParentPID": 9371810,
"Thread": 34930861,
"EventTime": "2021-09-07T02:08:24.967885-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:25.148259-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240634",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223788,
"ParentPID": 9240634,
"Thread": 42008617,
"EventTime": "2021-09-07T02:08:24.986861-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:25.148736-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223788,
"ParentPID": 9240634,
"Thread": 42008617,
"EventTime": "2021-09-07T02:08:24.992343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:25.149208-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223792aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223792,
"ParentPID": 9240634,
"Thread": 42008621,
"EventTime": "2021-09-07T02:08:24.996864-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:25.149670-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223792aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223792,
"ParentPID": 9240634,
"Thread": 42008621,
"EventTime": "2021-09-07T02:08:25.002339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:25.150130-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223792aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223792,
"ParentPID": 9240634,
"Thread": 42008621,
"EventTime": "2021-09-07T02:08:25.002565-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:25.150582-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240634/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223794,
"ParentPID": 9240634,
"Thread": 42008623,
"EventTime": "2021-09-07T02:08:25.006866-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:25.151017-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240634",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223796,
"ParentPID": 9240634,
"Thread": 42008625,
"EventTime": "2021-09-07T02:08:25.012364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:25.151431-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240636,
"ParentPID": 9371810,
"Thread": 34930863,
"EventTime": "2021-09-07T02:08:25.012364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:25.151844-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240636,
"ParentPID": 9371810,
"Thread": 34930863,
"EventTime": "2021-09-07T02:08:25.012364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:25.152256-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371812,
"ParentPID": 5439688,
"Thread": 39780365,
"EventTime": "2021-09-07T02:08:26.262874-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:26.360275-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240638.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240638,
"ParentPID": 9371812,
"Thread": 34930865,
"EventTime": "2021-09-07T02:08:26.392339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:26.662939-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240638",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223812,
"ParentPID": 9240638,
"Thread": 42008641,
"EventTime": "2021-09-07T02:08:26.412930-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:26.663454-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223812,
"ParentPID": 9240638,
"Thread": 42008641,
"EventTime": "2021-09-07T02:08:26.419751-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:26.663919-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223816aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223816,
"ParentPID": 9240638,
"Thread": 42008645,
"EventTime": "2021-09-07T02:08:26.422339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:26.664378-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223816aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223816,
"ParentPID": 9240638,
"Thread": 42008645,
"EventTime": "2021-09-07T02:08:26.429753-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:26.664826-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223816aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223816,
"ParentPID": 9240638,
"Thread": 42008645,
"EventTime": "2021-09-07T02:08:26.429753-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:26.665281-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240638/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 4718750,
"ParentPID": 9240638,
"Thread": 31916163,
"EventTime": "2021-09-07T02:08:26.442339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:26.665729-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10485934",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10223818,
"ParentPID": 10485934,
"Thread": 42008647,
"EventTime": "2021-09-07T02:08:26.442339-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:26.666054-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240638",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 4718752,
"ParentPID": 9240638,
"Thread": 31916165,
"EventTime": "2021-09-07T02:08:26.442339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:26.666474-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240640,
"ParentPID": 9371812,
"Thread": 34930867,
"EventTime": "2021-09-07T02:08:26.449758-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:26.666889-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240640,
"ParentPID": 9371812,
"Thread": 34930867,
"EventTime": "2021-09-07T02:08:26.449758-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:26.667298-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240644,
"ParentPID": 5439688,
"Thread": 36765949,
"EventTime": "2021-09-07T02:08:27.702339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:27.868642-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240646,
"ParentPID": 5439688,
"Thread": 36765951,
"EventTime": "2021-09-07T02:08:54.114910-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:54.305888-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240648,
"ParentPID": 5439688,
"Thread": 36765697,
"EventTime": "2021-09-07T02:08:54.761339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:54.917794-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371816.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371816,
"ParentPID": 9240648,
"Thread": 32833783,
"EventTime": "2021-09-07T02:08:54.891339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:54.918268-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371816",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485950,
"ParentPID": 9371816,
"Thread": 45678843,
"EventTime": "2021-09-07T02:08:54.911340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:54.918728-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485950,
"ParentPID": 9371816,
"Thread": 45678843,
"EventTime": "2021-09-07T02:08:54.921352-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:55.221920-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485954aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485954,
"ParentPID": 9371816,
"Thread": 45678847,
"EventTime": "2021-09-07T02:08:54.926467-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:55.222442-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485954aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485954,
"ParentPID": 9371816,
"Thread": 45678847,
"EventTime": "2021-09-07T02:08:54.926467-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:55.222918-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485954aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485954,
"ParentPID": 9371816,
"Thread": 45678847,
"EventTime": "2021-09-07T02:08:54.926467-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:55.223384-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371816/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485960,
"ParentPID": 9371816,
"Thread": 45678597,
"EventTime": "2021-09-07T02:08:54.931506-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:55.223842-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371816",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485962,
"ParentPID": 9371816,
"Thread": 45678599,
"EventTime": "2021-09-07T02:08:54.936470-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:55.224301-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371818,
"ParentPID": 9240648,
"Thread": 32833785,
"EventTime": "2021-09-07T02:08:54.936470-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:55.224749-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371818,
"ParentPID": 9240648,
"Thread": 32833785,
"EventTime": "2021-09-07T02:08:54.936470-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:08:55.225185-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371822,
"ParentPID": 6684890,
"Thread": 38338659,
"EventTime": "2021-09-07T02:10:00.543500-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:10:00.729371-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371822,
"ParentPID": 6684890,
"Thread": 38338659,
"EventTime": "2021-09-07T02:10:00.543500-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:10:00.729879-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 01:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371822,
"ParentPID": 6684890,
"Thread": 38338659,
"EventTime": "2021-09-07T02:10:00.543500-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:10:00.730404-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371822,
"ParentPID": 6684890,
"Thread": 38338659,
"EventTime": "2021-09-07T02:10:00.543500-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:10:00.730878-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371824,
"ParentPID": 6684890,
"Thread": 22937725,
"EventTime": "2021-09-07T02:15:00.549340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:15:00.803374-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371824,
"ParentPID": 6684890,
"Thread": 22937725,
"EventTime": "2021-09-07T02:15:00.549340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:15:00.803884-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 01:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371824,
"ParentPID": 6684890,
"Thread": 22937725,
"EventTime": "2021-09-07T02:15:00.550237-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:15:00.804365-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371824,
"ParentPID": 6684890,
"Thread": 22937725,
"EventTime": "2021-09-07T02:15:00.550237-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:15:00.804828-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485984IyEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485984,
"ParentPID": 9240660,
"Thread": 31457367,
"EventTime": "2021-09-07T02:18:44.456072-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:18:44.561885-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240668,
"ParentPID": 9371826,
"Thread": 38928629,
"EventTime": "2021-09-07T02:18:44.461474-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:18:44.562388-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010486008IQEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10486008,
"ParentPID": 9240670,
"Thread": 31457391,
"EventTime": "2021-09-07T02:18:44.528324-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:18:44.562845-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010286,
"ParentPID": 6684890,
"Thread": 41680957,
"EventTime": "2021-09-07T02:20:00.551115-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:20:00.849911-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010286,
"ParentPID": 6684890,
"Thread": 41680957,
"EventTime": "2021-09-07T02:20:00.551115-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:20:00.850440-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 01:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010286,
"ParentPID": 6684890,
"Thread": 41680957,
"EventTime": "2021-09-07T02:20:00.551115-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:20:00.850915-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010286,
"ParentPID": 6684890,
"Thread": 41680957,
"EventTime": "2021-09-07T02:20:00.551115-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:20:00.851377-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010292,
"ParentPID": 6684890,
"Thread": 47448253,
"EventTime": "2021-09-07T02:25:00.551161-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:25:00.631826-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010292,
"ParentPID": 6684890,
"Thread": 47448253,
"EventTime": "2021-09-07T02:25:00.551161-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:25:00.632340-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 01:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010292,
"ParentPID": 6684890,
"Thread": 47448253,
"EventTime": "2021-09-07T02:25:00.551161-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:25:00.632814-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010292,
"ParentPID": 6684890,
"Thread": 47448253,
"EventTime": "2021-09-07T02:25:00.551161-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:25:00.633272-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748004,
"ParentPID": 6684890,
"Thread": 35192921,
"EventTime": "2021-09-07T02:30:00.558612-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:30:00.689196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748004,
"ParentPID": 6684890,
"Thread": 35192921,
"EventTime": "2021-09-07T02:30:00.558612-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:30:00.689741-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 01:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748004,
"ParentPID": 6684890,
"Thread": 35192921,
"EventTime": "2021-09-07T02:30:00.559339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:30:00.690227-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748004,
"ParentPID": 6684890,
"Thread": 35192921,
"EventTime": "2021-09-07T02:30:00.559339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:30:00.690730-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T02:33:11.992339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:33:12.047304-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371848C30Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371848,
"ParentPID": 11010048,
"Thread": 40763605,
"EventTime": "2021-09-07T02:33:44.595648-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:33:44.798658-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11010056,
"ParentPID": 10748008,
"Thread": 39452835,
"EventTime": "2021-09-07T02:33:44.603764-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:33:44.799169-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371872CU0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371872,
"ParentPID": 11010058,
"Thread": 40763629,
"EventTime": "2021-09-07T02:33:44.663778-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:33:44.799628-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748010,
"ParentPID": 6684890,
"Thread": 38600919,
"EventTime": "2021-09-07T02:35:00.563508-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:35:00.825143-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748010,
"ParentPID": 6684890,
"Thread": 38600919,
"EventTime": "2021-09-07T02:35:00.563508-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:35:00.825963-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 01:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748010,
"ParentPID": 6684890,
"Thread": 38600919,
"EventTime": "2021-09-07T02:35:00.563508-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:35:00.826723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748010,
"ParentPID": 6684890,
"Thread": 38600919,
"EventTime": "2021-09-07T02:35:00.563508-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:35:00.827520-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10748012,
"ParentPID": 5439688,
"Thread": 35258469,
"EventTime": "2021-09-07T02:37:35.143340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:37:35.271900-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11010060.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11010060,
"ParentPID": 10748012,
"Thread": 35061887,
"EventTime": "2021-09-07T02:37:35.281025-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:37:35.574221-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11010060",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9371888,
"ParentPID": 11010060,
"Thread": 32178409,
"EventTime": "2021-09-07T02:37:35.313366-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:37:35.575038-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9371888,
"ParentPID": 11010060,
"Thread": 32178409,
"EventTime": "2021-09-07T02:37:35.313366-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:37:35.575784-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371892aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371892,
"ParentPID": 11010060,
"Thread": 32178413,
"EventTime": "2021-09-07T02:37:35.323340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:37:35.576518-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371892aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371892,
"ParentPID": 11010060,
"Thread": 32178413,
"EventTime": "2021-09-07T02:37:35.323340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:37:35.577235-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371892aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371892,
"ParentPID": 11010060,
"Thread": 32178413,
"EventTime": "2021-09-07T02:37:35.331045-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:37:35.577951-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11010060/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9371898,
"ParentPID": 11010060,
"Thread": 32178419,
"EventTime": "2021-09-07T02:37:35.341048-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:37:35.578659-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11010060",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9371900,
"ParentPID": 11010060,
"Thread": 32178421,
"EventTime": "2021-09-07T02:37:35.343587-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:37:35.579349-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11010062,
"ParentPID": 10748012,
"Thread": 35061889,
"EventTime": "2021-09-07T02:37:35.343587-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:37:35.580005-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11010062,
"ParentPID": 10748012,
"Thread": 35061889,
"EventTime": "2021-09-07T02:37:35.343587-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:37:35.580651-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09371902",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 4718804,
"ParentPID": 9371902,
"Thread": 38928395,
"EventTime": "2021-09-07T02:37:35.363363-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:37:35.581130-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748014,
"ParentPID": 6684890,
"Thread": 35258473,
"EventTime": "2021-09-07T02:40:00.571924-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:40:00.716039-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748014,
"ParentPID": 6684890,
"Thread": 35258473,
"EventTime": "2021-09-07T02:40:00.571924-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:40:00.716862-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 01:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748014,
"ParentPID": 6684890,
"Thread": 35258473,
"EventTime": "2021-09-07T02:40:00.571924-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:40:00.717632-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748014,
"ParentPID": 6684890,
"Thread": 35258473,
"EventTime": "2021-09-07T02:40:00.571924-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:40:00.718476-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10748016,
"ParentPID": 5439688,
"Thread": 35258481,
"EventTime": "2021-09-07T02:41:50.944340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:41:50.996945-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748022,
"ParentPID": 6684890,
"Thread": 31916177,
"EventTime": "2021-09-07T02:45:00.582954-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:45:00.628726-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748022,
"ParentPID": 6684890,
"Thread": 31916177,
"EventTime": "2021-09-07T02:45:00.582954-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:45:00.629546-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 01:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748022,
"ParentPID": 6684890,
"Thread": 31916177,
"EventTime": "2021-09-07T02:45:00.582954-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:45:00.630309-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748022,
"ParentPID": 6684890,
"Thread": 31916177,
"EventTime": "2021-09-07T02:45:00.582954-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:45:00.631056-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00093716687U0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371668,
"ParentPID": 11010076,
"Thread": 40960249,
"EventTime": "2021-09-07T02:48:44.792777-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:48:45.061214-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11010084,
"ParentPID": 10748024,
"Thread": 31064105,
"EventTime": "2021-09-07T02:48:44.810340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:48:45.062032-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00093716928A0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371692,
"ParentPID": 11010086,
"Thread": 40960017,
"EventTime": "2021-09-07T02:48:44.902816-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:48:45.062781-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371694,
"ParentPID": 6684890,
"Thread": 47120515,
"EventTime": "2021-09-07T02:50:00.592566-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:50:00.775248-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371694,
"ParentPID": 6684890,
"Thread": 47120515,
"EventTime": "2021-09-07T02:50:00.592566-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:50:00.776014-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 01:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371694,
"ParentPID": 6684890,
"Thread": 47120515,
"EventTime": "2021-09-07T02:50:00.592566-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:50:00.776769-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371694,
"ParentPID": 6684890,
"Thread": 47120515,
"EventTime": "2021-09-07T02:50:00.592566-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:50:00.777514-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371696,
"ParentPID": 6684890,
"Thread": 31916203,
"EventTime": "2021-09-07T02:55:00.597640-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:55:00.658643-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371696,
"ParentPID": 6684890,
"Thread": 31916203,
"EventTime": "2021-09-07T02:55:00.597640-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:55:00.659405-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 01:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371696,
"ParentPID": 6684890,
"Thread": 31916203,
"EventTime": "2021-09-07T02:55:00.597640-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:55:00.660153-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371696,
"ParentPID": 6684890,
"Thread": 31916203,
"EventTime": "2021-09-07T02:55:00.597640-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T02:55:00.660889-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8978540,
"ParentPID": 6684890,
"Thread": 46137529,
"EventTime": "2021-09-07T03:00:00.610416-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:00:00.841966-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8978540,
"ParentPID": 6684890,
"Thread": 46137529,
"EventTime": "2021-09-07T03:00:00.610416-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:00:00.842782-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 02:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8978540,
"ParentPID": 6684890,
"Thread": 46137529,
"EventTime": "2021-09-07T03:00:00.610416-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:00:00.843533-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8978540,
"ParentPID": 6684890,
"Thread": 46137529,
"EventTime": "2021-09-07T03:00:00.610416-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:00:00.844268-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371702,
"ParentPID": 5439688,
"Thread": 46137537,
"EventTime": "2021-09-07T03:01:37.940267-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:01:38.224915-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371704,
"ParentPID": 5439688,
"Thread": 46137539,
"EventTime": "2021-09-07T03:01:38.221048-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:01:38.532735-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371706,
"ParentPID": 5439688,
"Thread": 47120537,
"EventTime": "2021-09-07T03:01:43.546193-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:01:43.655905-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371708,
"ParentPID": 5439688,
"Thread": 47120539,
"EventTime": "2021-09-07T03:01:45.662101-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:01:45.763269-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371710,
"ParentPID": 5439688,
"Thread": 47120541,
"EventTime": "2021-09-07T03:01:50.093441-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:01:50.294243-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371712,
"ParentPID": 5439688,
"Thread": 47120543,
"EventTime": "2021-09-07T03:01:55.133707-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:01:55.409131-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371714,
"ParentPID": 5439688,
"Thread": 47120545,
"EventTime": "2021-09-07T03:01:55.403340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:01:55.409893-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371716,
"ParentPID": 5439688,
"Thread": 47120547,
"EventTime": "2021-09-07T03:01:55.673340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:01:55.713558-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371718,
"ParentPID": 5439688,
"Thread": 47120549,
"EventTime": "2021-09-07T03:01:55.934033-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:01:56.020730-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371720,
"ParentPID": 5439688,
"Thread": 47120551,
"EventTime": "2021-09-07T03:01:56.193340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:01:56.324172-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00092407222A0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240722,
"ParentPID": 8978552,
"Thread": 33030247,
"EventTime": "2021-09-07T03:03:45.032925-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:03:45.111567-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8978560,
"ParentPID": 9371724,
"Thread": 41549841,
"EventTime": "2021-09-07T03:03:45.050774-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:03:45.112374-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00092407463q0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240746,
"ParentPID": 8978562,
"Thread": 33030271,
"EventTime": "2021-09-07T03:03:45.147548-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:03:45.413263-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371726,
"ParentPID": 6684890,
"Thread": 22937741,
"EventTime": "2021-09-07T03:05:00.620973-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:05:00.882576-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371726,
"ParentPID": 6684890,
"Thread": 22937741,
"EventTime": "2021-09-07T03:05:00.620973-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:05:00.883389-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 02:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371726,
"ParentPID": 6684890,
"Thread": 22937741,
"EventTime": "2021-09-07T03:05:00.620973-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:05:00.884133-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371726,
"ParentPID": 6684890,
"Thread": 22937741,
"EventTime": "2021-09-07T03:05:00.620973-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:05:00.884868-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371728,
"ParentPID": 5439688,
"Thread": 47120561,
"EventTime": "2021-09-07T03:05:15.567340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:05:15.607281-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10551456.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10551456,
"ParentPID": 9371728,
"Thread": 38076569,
"EventTime": "2021-09-07T03:05:15.697340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:05:15.908363-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10551456",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223622,
"ParentPID": 10551456,
"Thread": 44564565,
"EventTime": "2021-09-07T03:05:15.727341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:05:15.909116-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223622,
"ParentPID": 10551456,
"Thread": 44564565,
"EventTime": "2021-09-07T03:05:15.737341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:05:15.909848-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223626aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223626,
"ParentPID": 10551456,
"Thread": 44564569,
"EventTime": "2021-09-07T03:05:15.747340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:05:15.910570-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223626aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223626,
"ParentPID": 10551456,
"Thread": 44564569,
"EventTime": "2021-09-07T03:05:15.747340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:05:15.911282-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223626aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223626,
"ParentPID": 10551456,
"Thread": 44564569,
"EventTime": "2021-09-07T03:05:15.747340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:05:15.911992-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10551456/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223632,
"ParentPID": 10551456,
"Thread": 44564575,
"EventTime": "2021-09-07T03:05:15.759162-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:05:15.912693-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10551456",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223634,
"ParentPID": 10551456,
"Thread": 44564577,
"EventTime": "2021-09-07T03:05:15.763128-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:05:15.913385-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10551458,
"ParentPID": 9371728,
"Thread": 38076571,
"EventTime": "2021-09-07T03:05:15.767341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:05:15.914051-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551458,
"ParentPID": 9371728,
"Thread": 38076571,
"EventTime": "2021-09-07T03:05:15.767341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:05:15.914697-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551462,
"ParentPID": 5439688,
"Thread": 46727385,
"EventTime": "2021-09-07T03:08:09.069952-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:09.343932-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551464,
"ParentPID": 5439688,
"Thread": 46727387,
"EventTime": "2021-09-07T03:08:09.701758-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:09.952204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371732.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371732,
"ParentPID": 10551464,
"Thread": 46923869,
"EventTime": "2021-09-07T03:08:09.832119-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:09.953013-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371732",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223650,
"ParentPID": 9371732,
"Thread": 42991795,
"EventTime": "2021-09-07T03:08:09.871382-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:09.953743-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223650,
"ParentPID": 9371732,
"Thread": 42991795,
"EventTime": "2021-09-07T03:08:09.875967-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:09.954470-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223654aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223654,
"ParentPID": 9371732,
"Thread": 42991799,
"EventTime": "2021-09-07T03:08:09.882135-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:09.955176-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223654aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223654,
"ParentPID": 9371732,
"Thread": 42991799,
"EventTime": "2021-09-07T03:08:09.882135-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:09.955880-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223654aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223654,
"ParentPID": 9371732,
"Thread": 42991799,
"EventTime": "2021-09-07T03:08:09.891342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:09.956577-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09240752",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 4718828,
"ParentPID": 9240752,
"Thread": 45351117,
"EventTime": "2021-09-07T03:08:09.902141-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:09.957093-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371732/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223656,
"ParentPID": 9371732,
"Thread": 42991801,
"EventTime": "2021-09-07T03:08:09.912143-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:09.957740-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371732",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223658,
"ParentPID": 9371732,
"Thread": 42991803,
"EventTime": "2021-09-07T03:08:09.912143-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:09.958383-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371734,
"ParentPID": 10551464,
"Thread": 46923871,
"EventTime": "2021-09-07T03:08:09.917555-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:09.959020-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371734,
"ParentPID": 10551464,
"Thread": 46923871,
"EventTime": "2021-09-07T03:08:09.917555-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:09.959658-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551466,
"ParentPID": 5439688,
"Thread": 46727389,
"EventTime": "2021-09-07T03:08:10.303157-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:10.564540-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371736.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371736,
"ParentPID": 10551466,
"Thread": 46923873,
"EventTime": "2021-09-07T03:08:10.434478-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:10.565350-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371736",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223674,
"ParentPID": 9371736,
"Thread": 42991819,
"EventTime": "2021-09-07T03:08:10.463499-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:10.566087-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223674,
"ParentPID": 9371736,
"Thread": 42991819,
"EventTime": "2021-09-07T03:08:10.473503-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:10.566829-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223678aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223678,
"ParentPID": 9371736,
"Thread": 42991823,
"EventTime": "2021-09-07T03:08:10.483509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:10.567547-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223678aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223678,
"ParentPID": 9371736,
"Thread": 42991823,
"EventTime": "2021-09-07T03:08:10.483509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:10.568259-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223678aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223678,
"ParentPID": 9371736,
"Thread": 42991823,
"EventTime": "2021-09-07T03:08:10.487495-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:10.568960-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371736/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223684,
"ParentPID": 9371736,
"Thread": 42991829,
"EventTime": "2021-09-07T03:08:10.493514-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:10.569658-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371736",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223686,
"ParentPID": 9371736,
"Thread": 42991831,
"EventTime": "2021-09-07T03:08:10.501340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:10.570322-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371738,
"ParentPID": 10551466,
"Thread": 46923875,
"EventTime": "2021-09-07T03:08:10.503517-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:10.570970-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371738,
"ParentPID": 10551466,
"Thread": 46923875,
"EventTime": "2021-09-07T03:08:10.503517-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:10.571663-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551468,
"ParentPID": 5439688,
"Thread": 46727391,
"EventTime": "2021-09-07T03:08:11.807030-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:12.078489-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371740.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371740,
"ParentPID": 10551468,
"Thread": 46923877,
"EventTime": "2021-09-07T03:08:11.937366-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:12.079300-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371740",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223702,
"ParentPID": 9371740,
"Thread": 42991847,
"EventTime": "2021-09-07T03:08:11.972366-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:12.080037-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223702,
"ParentPID": 9371740,
"Thread": 42991847,
"EventTime": "2021-09-07T03:08:11.978092-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:12.080770-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223706aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223706,
"ParentPID": 9371740,
"Thread": 42991851,
"EventTime": "2021-09-07T03:08:11.987392-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:12.081521-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223706aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223706,
"ParentPID": 9371740,
"Thread": 42991851,
"EventTime": "2021-09-07T03:08:11.987392-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:12.082246-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223706aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223706,
"ParentPID": 9371740,
"Thread": 42991851,
"EventTime": "2021-09-07T03:08:11.991341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:12.083004-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371740/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223712,
"ParentPID": 9371740,
"Thread": 42991857,
"EventTime": "2021-09-07T03:08:12.001340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:12.083702-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371740",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223714,
"ParentPID": 9371740,
"Thread": 42991859,
"EventTime": "2021-09-07T03:08:12.002617-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:12.084369-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371742,
"ParentPID": 10551468,
"Thread": 46923879,
"EventTime": "2021-09-07T03:08:12.007404-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:12.085021-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371742,
"ParentPID": 10551468,
"Thread": 46923879,
"EventTime": "2021-09-07T03:08:12.007404-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:12.085668-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551470,
"ParentPID": 5439688,
"Thread": 41812011,
"EventTime": "2021-09-07T03:08:23.660340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:23.819348-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551472,
"ParentPID": 5439688,
"Thread": 41812013,
"EventTime": "2021-09-07T03:08:25.041982-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:25.323625-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551474,
"ParentPID": 5439688,
"Thread": 41812015,
"EventTime": "2021-09-07T03:08:26.425908-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:26.532795-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551476,
"ParentPID": 5439688,
"Thread": 41812017,
"EventTime": "2021-09-07T03:08:27.810340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:28.041204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371744.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371744,
"ParentPID": 10551476,
"Thread": 46596349,
"EventTime": "2021-09-07T03:08:27.940340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:28.042012-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371744",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223730,
"ParentPID": 9371744,
"Thread": 30539803,
"EventTime": "2021-09-07T03:08:27.970340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:28.042752-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223730,
"ParentPID": 9371744,
"Thread": 30539803,
"EventTime": "2021-09-07T03:08:27.980340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:28.043486-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223734aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223734,
"ParentPID": 9371744,
"Thread": 30539807,
"EventTime": "2021-09-07T03:08:27.987858-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:28.044204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223734aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223734,
"ParentPID": 9371744,
"Thread": 30539807,
"EventTime": "2021-09-07T03:08:27.990356-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:28.044923-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223734aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223734,
"ParentPID": 9371744,
"Thread": 30539807,
"EventTime": "2021-09-07T03:08:27.990356-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:28.045623-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371744/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223736,
"ParentPID": 9371744,
"Thread": 30539809,
"EventTime": "2021-09-07T03:08:28.000340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:28.046316-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371744",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223738,
"ParentPID": 9371744,
"Thread": 30539811,
"EventTime": "2021-09-07T03:08:28.000340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:28.046978-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371746,
"ParentPID": 10551476,
"Thread": 46596351,
"EventTime": "2021-09-07T03:08:28.010340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:28.047630-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371746,
"ParentPID": 10551476,
"Thread": 46596351,
"EventTime": "2021-09-07T03:08:28.010340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:28.048275-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551478,
"ParentPID": 5439688,
"Thread": 41812019,
"EventTime": "2021-09-07T03:08:29.270340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:29.551255-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371748.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371748,
"ParentPID": 10551478,
"Thread": 46596097,
"EventTime": "2021-09-07T03:08:29.400340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:29.552076-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371748",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223754,
"ParentPID": 9371748,
"Thread": 30539827,
"EventTime": "2021-09-07T03:08:29.433949-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:29.552817-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223754,
"ParentPID": 9371748,
"Thread": 30539827,
"EventTime": "2021-09-07T03:08:29.440362-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:29.553554-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223758aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223758,
"ParentPID": 9371748,
"Thread": 30539831,
"EventTime": "2021-09-07T03:08:29.443952-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:29.554285-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223758aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223758,
"ParentPID": 9371748,
"Thread": 30539831,
"EventTime": "2021-09-07T03:08:29.450357-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:29.555010-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223758aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223758,
"ParentPID": 9371748,
"Thread": 30539831,
"EventTime": "2021-09-07T03:08:29.453967-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:29.555720-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371748/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223760,
"ParentPID": 9371748,
"Thread": 30539833,
"EventTime": "2021-09-07T03:08:29.460340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:29.556426-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371748",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223762,
"ParentPID": 9371748,
"Thread": 30539835,
"EventTime": "2021-09-07T03:08:29.463969-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:29.557089-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371750,
"ParentPID": 10551478,
"Thread": 46596099,
"EventTime": "2021-09-07T03:08:29.463969-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:29.557738-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371750,
"ParentPID": 10551478,
"Thread": 46596099,
"EventTime": "2021-09-07T03:08:29.463969-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:29.558391-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551480,
"ParentPID": 5439688,
"Thread": 41812021,
"EventTime": "2021-09-07T03:08:30.730340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:08:30.760285-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551482,
"ParentPID": 6684890,
"Thread": 47906827,
"EventTime": "2021-09-07T03:10:00.630210-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:10:00.892530-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551482,
"ParentPID": 6684890,
"Thread": 47906827,
"EventTime": "2021-09-07T03:10:00.630210-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:10:00.893356-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 02:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551482,
"ParentPID": 6684890,
"Thread": 47906827,
"EventTime": "2021-09-07T03:10:00.630210-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:10:00.894111-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551482,
"ParentPID": 6684890,
"Thread": 47906827,
"EventTime": "2021-09-07T03:10:00.630210-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:10:00.894861-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551484,
"ParentPID": 6684890,
"Thread": 39059505,
"EventTime": "2021-09-07T03:15:00.635705-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:15:00.776524-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551484,
"ParentPID": 6684890,
"Thread": 39059505,
"EventTime": "2021-09-07T03:15:00.635705-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:15:00.777440-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 02:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551484,
"ParentPID": 6684890,
"Thread": 39059505,
"EventTime": "2021-09-07T03:15:00.635705-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:15:00.778218-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551484,
"ParentPID": 6684890,
"Thread": 39059505,
"EventTime": "2021-09-07T03:15:00.635705-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:15:00.779026-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09371752",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10223764,
"ParentPID": 9371752,
"Thread": 34013329,
"EventTime": "2021-09-07T03:15:00.657341-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:15:00.779572-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223786wqDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223786,
"ParentPID": 9371762,
"Thread": 30539857,
"EventTime": "2021-09-07T03:18:45.269376-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:18:45.550212-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371770,
"ParentPID": 10551486,
"Thread": 46596117,
"EventTime": "2021-09-07T03:18:45.289340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:18:45.551031-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223810wYDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223810,
"ParentPID": 9371772,
"Thread": 30539881,
"EventTime": "2021-09-07T03:18:45.383128-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:18:45.551773-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551488,
"ParentPID": 6684890,
"Thread": 23658687,
"EventTime": "2021-09-07T03:20:00.666203-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:20:00.967550-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551488,
"ParentPID": 6684890,
"Thread": 23658687,
"EventTime": "2021-09-07T03:20:00.666203-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:20:00.968379-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 02:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551488,
"ParentPID": 6684890,
"Thread": 23658687,
"EventTime": "2021-09-07T03:20:00.667340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:20:00.969137-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551488,
"ParentPID": 6684890,
"Thread": 23658687,
"EventTime": "2021-09-07T03:20:00.667340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:20:00.969891-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551490,
"ParentPID": 6684890,
"Thread": 46465183,
"EventTime": "2021-09-07T03:25:00.674140-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:25:00.845503-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551490,
"ParentPID": 6684890,
"Thread": 46465183,
"EventTime": "2021-09-07T03:25:00.674140-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:25:00.846267-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 02:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551490,
"ParentPID": 6684890,
"Thread": 46465183,
"EventTime": "2021-09-07T03:25:00.676340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:25:00.847067-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551490,
"ParentPID": 6684890,
"Thread": 46465183,
"EventTime": "2021-09-07T03:25:00.676340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:25:00.847867-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551492,
"ParentPID": 5439688,
"Thread": 46465199,
"EventTime": "2021-09-07T03:29:41.980567-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:29:42.172280-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371774.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371774,
"ParentPID": 10551492,
"Thread": 35586139,
"EventTime": "2021-09-07T03:29:42.109974-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:29:42.173036-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371774",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223826,
"ParentPID": 9371774,
"Thread": 40697857,
"EventTime": "2021-09-07T03:29:42.139986-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:29:42.173767-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223826,
"ParentPID": 9371774,
"Thread": 40697857,
"EventTime": "2021-09-07T03:29:42.149989-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:29:42.174500-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223830aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223830,
"ParentPID": 9371774,
"Thread": 40697861,
"EventTime": "2021-09-07T03:29:42.159993-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:29:42.175214-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223830aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223830,
"ParentPID": 9371774,
"Thread": 40697861,
"EventTime": "2021-09-07T03:29:42.159993-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:29:42.175924-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223830aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223830,
"ParentPID": 9371774,
"Thread": 40697861,
"EventTime": "2021-09-07T03:29:42.159993-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:29:42.176620-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371774/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223832,
"ParentPID": 9371774,
"Thread": 40697863,
"EventTime": "2021-09-07T03:29:42.177586-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:29:42.478262-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371774",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223834,
"ParentPID": 9371774,
"Thread": 40697865,
"EventTime": "2021-09-07T03:29:42.181161-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:29:42.479079-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371776,
"ParentPID": 10551492,
"Thread": 35586141,
"EventTime": "2021-09-07T03:29:42.185506-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:29:42.479829-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371776,
"ParentPID": 10551492,
"Thread": 35586141,
"EventTime": "2021-09-07T03:29:42.185506-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:29:42.480567-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551494,
"ParentPID": 6684890,
"Thread": 41549857,
"EventTime": "2021-09-07T03:30:00.681459-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:30:00.799372-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551494,
"ParentPID": 6684890,
"Thread": 41549857,
"EventTime": "2021-09-07T03:30:00.681459-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:30:00.800137-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 02:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551494,
"ParentPID": 6684890,
"Thread": 41549857,
"EventTime": "2021-09-07T03:30:00.686340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:30:00.800896-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551494,
"ParentPID": 6684890,
"Thread": 41549857,
"EventTime": "2021-09-07T03:30:00.686340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:30:00.801644-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551496,
"ParentPID": 5439688,
"Thread": 31785029,
"EventTime": "2021-09-07T03:32:08.176730-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:32:08.223104-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T03:33:11.870340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:33:11.918786-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223856qYDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223856,
"ParentPID": 9371786,
"Thread": 39649329,
"EventTime": "2021-09-07T03:33:45.512251-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:33:45.584697-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371794,
"ParentPID": 10551500,
"Thread": 31195137,
"EventTime": "2021-09-07T03:33:45.529341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:33:45.585469-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223624rEDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223624,
"ParentPID": 9371796,
"Thread": 39649353,
"EventTime": "2021-09-07T03:33:45.629377-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:33:45.886910-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551508,
"ParentPID": 6684890,
"Thread": 37748893,
"EventTime": "2021-09-07T03:35:00.689792-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:35:00.700585-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551508,
"ParentPID": 6684890,
"Thread": 37748893,
"EventTime": "2021-09-07T03:35:00.689792-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:35:00.701346-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 02:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551508,
"ParentPID": 6684890,
"Thread": 37748893,
"EventTime": "2021-09-07T03:35:00.689792-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:35:00.702107-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551508,
"ParentPID": 6684890,
"Thread": 37748893,
"EventTime": "2021-09-07T03:35:00.689792-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:35:00.702855-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551510,
"ParentPID": 6684890,
"Thread": 38076599,
"EventTime": "2021-09-07T03:40:00.699866-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:40:00.846405-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551510,
"ParentPID": 6684890,
"Thread": 38076599,
"EventTime": "2021-09-07T03:40:00.699866-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:40:00.847195-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 02:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551510,
"ParentPID": 6684890,
"Thread": 38076599,
"EventTime": "2021-09-07T03:40:00.709870-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:40:00.848015-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551510,
"ParentPID": 6684890,
"Thread": 38076599,
"EventTime": "2021-09-07T03:40:00.709870-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:40:00.848770-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551512,
"ParentPID": 6684890,
"Thread": 45351137,
"EventTime": "2021-09-07T03:45:00.717929-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:45:00.748642-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551512,
"ParentPID": 6684890,
"Thread": 45351137,
"EventTime": "2021-09-07T03:45:00.717929-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:45:00.749467-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 02:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551512,
"ParentPID": 6684890,
"Thread": 45351137,
"EventTime": "2021-09-07T03:45:00.717929-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:45:00.750236-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551512,
"ParentPID": 6684890,
"Thread": 45351137,
"EventTime": "2021-09-07T03:45:00.717929-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:45:00.751003-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223646lEDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223646,
"ParentPID": 9371812,
"Thread": 38928437,
"EventTime": "2021-09-07T03:48:45.748340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:48:45.819461-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371820,
"ParentPID": 10551514,
"Thread": 35061925,
"EventTime": "2021-09-07T03:48:45.768341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:48:45.820303-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223670muDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223670,
"ParentPID": 9371822,
"Thread": 38928461,
"EventTime": "2021-09-07T03:48:45.858340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:48:46.121198-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551516,
"ParentPID": 6684890,
"Thread": 46530725,
"EventTime": "2021-09-07T03:50:00.726340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:50:00.947159-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551516,
"ParentPID": 6684890,
"Thread": 46530725,
"EventTime": "2021-09-07T03:50:00.726340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:50:00.947991-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 02:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551516,
"ParentPID": 6684890,
"Thread": 46530725,
"EventTime": "2021-09-07T03:50:00.726340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:50:00.948752-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551516,
"ParentPID": 6684890,
"Thread": 46530725,
"EventTime": "2021-09-07T03:50:00.726340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:50:00.949509-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551518,
"ParentPID": 6684890,
"Thread": 45351163,
"EventTime": "2021-09-07T03:55:00.735340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:55:00.943015-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551518,
"ParentPID": 6684890,
"Thread": 45351163,
"EventTime": "2021-09-07T03:55:00.735340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:55:00.943785-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 02:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551518,
"ParentPID": 6684890,
"Thread": 45351163,
"EventTime": "2021-09-07T03:55:00.735340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:55:00.944547-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551518,
"ParentPID": 6684890,
"Thread": 45351163,
"EventTime": "2021-09-07T03:55:00.735340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T03:55:00.945291-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551524,
"ParentPID": 6684890,
"Thread": 40239315,
"EventTime": "2021-09-07T04:00:00.745340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:00:00.865238-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551524,
"ParentPID": 6684890,
"Thread": 40239315,
"EventTime": "2021-09-07T04:00:00.745340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:00:00.866130-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 03:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551524,
"ParentPID": 6684890,
"Thread": 40239315,
"EventTime": "2021-09-07T04:00:00.745340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:00:00.866937-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551524,
"ParentPID": 6684890,
"Thread": 40239315,
"EventTime": "2021-09-07T04:00:00.745340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:00:00.867681-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09371828",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10223672,
"ParentPID": 9371828,
"Thread": 32243915,
"EventTime": "2021-09-07T04:00:00.765340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:00:00.868224-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223694guDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223694,
"ParentPID": 10551536,
"Thread": 38142137,
"EventTime": "2021-09-07T04:03:45.987340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:03:46.224990-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551544,
"ParentPID": 9371834,
"Thread": 45547667,
"EventTime": "2021-09-07T04:03:46.003720-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:03:46.225826-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223718haDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223718,
"ParentPID": 10551546,
"Thread": 38142161,
"EventTime": "2021-09-07T04:03:46.097345-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:03:46.226581-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371836,
"ParentPID": 6684890,
"Thread": 42991625,
"EventTime": "2021-09-07T04:05:00.770915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:05:01.070501-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371836,
"ParentPID": 6684890,
"Thread": 42991625,
"EventTime": "2021-09-07T04:05:00.770915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:05:01.071331-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 03:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371836,
"ParentPID": 6684890,
"Thread": 42991625,
"EventTime": "2021-09-07T04:05:00.770915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:05:01.072118-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371836,
"ParentPID": 6684890,
"Thread": 42991625,
"EventTime": "2021-09-07T04:05:00.770915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:05:01.072877-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371842,
"ParentPID": 6684890,
"Thread": 35061937,
"EventTime": "2021-09-07T04:10:00.778681-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:10:00.945374-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371842,
"ParentPID": 6684890,
"Thread": 35061937,
"EventTime": "2021-09-07T04:10:00.778681-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:10:00.946171-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 03:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371842,
"ParentPID": 6684890,
"Thread": 35061937,
"EventTime": "2021-09-07T04:10:00.778681-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:10:00.946995-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371842,
"ParentPID": 6684890,
"Thread": 35061937,
"EventTime": "2021-09-07T04:10:00.778681-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:10:00.947753-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371844,
"ParentPID": 6684890,
"Thread": 42926169,
"EventTime": "2021-09-07T04:15:00.787533-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:15:00.887499-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371844,
"ParentPID": 6684890,
"Thread": 42926169,
"EventTime": "2021-09-07T04:15:00.791398-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:15:00.888338-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 03:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371844,
"ParentPID": 6684890,
"Thread": 42926169,
"EventTime": "2021-09-07T04:15:00.791398-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:15:00.889103-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371844,
"ParentPID": 6684890,
"Thread": 42926169,
"EventTime": "2021-09-07T04:15:00.791398-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:15:00.889856-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551312aYEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551312,
"ParentPID": 10223732,
"Thread": 44105843,
"EventTime": "2021-09-07T04:18:46.227384-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:18:46.238083-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10223740,
"ParentPID": 9371846,
"Thread": 28508331,
"EventTime": "2021-09-07T04:18:46.241062-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:18:46.539826-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551336bIEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551336,
"ParentPID": 10223742,
"Thread": 44105867,
"EventTime": "2021-09-07T04:18:46.341095-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:18:46.540601-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371848,
"ParentPID": 6684890,
"Thread": 45416573,
"EventTime": "2021-09-07T04:20:00.797202-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:20:01.087476-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371848,
"ParentPID": 6684890,
"Thread": 45416573,
"EventTime": "2021-09-07T04:20:00.797202-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:20:01.088304-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 03:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371848,
"ParentPID": 6684890,
"Thread": 45416573,
"EventTime": "2021-09-07T04:20:00.797202-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:20:01.089067-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371848,
"ParentPID": 6684890,
"Thread": 45416573,
"EventTime": "2021-09-07T04:20:00.797202-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:20:01.089813-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371850,
"ParentPID": 6684890,
"Thread": 23855291,
"EventTime": "2021-09-07T04:25:00.805182-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:25:00.844654-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371850,
"ParentPID": 6684890,
"Thread": 23855291,
"EventTime": "2021-09-07T04:25:00.805182-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:25:00.845145-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 03:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371850,
"ParentPID": 6684890,
"Thread": 23855291,
"EventTime": "2021-09-07T04:25:00.805182-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:25:00.845653-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371850,
"ParentPID": 6684890,
"Thread": 23855291,
"EventTime": "2021-09-07T04:25:00.805182-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:25:00.846118-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223746,
"ParentPID": 6684890,
"Thread": 43843723,
"EventTime": "2021-09-07T04:30:00.811274-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:30:00.992753-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223746,
"ParentPID": 6684890,
"Thread": 43843723,
"EventTime": "2021-09-07T04:30:00.811274-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:30:00.993588-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 03:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223746,
"ParentPID": 6684890,
"Thread": 43843723,
"EventTime": "2021-09-07T04:30:00.814340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:30:00.994632-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223746,
"ParentPID": 6684890,
"Thread": 43843723,
"EventTime": "2021-09-07T04:30:00.814340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:30:00.995448-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T04:33:11.748340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:33:11.784293-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551358XEEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551358,
"ParentPID": 10223758,
"Thread": 45350971,
"EventTime": "2021-09-07T04:33:46.462307-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:33:46.671236-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10223766,
"ParentPID": 9371858,
"Thread": 46006437,
"EventTime": "2021-09-07T04:33:46.479968-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:33:46.672008-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551382YuEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551382,
"ParentPID": 10223768,
"Thread": 45350995,
"EventTime": "2021-09-07T04:33:46.569999-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:33:46.672750-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830490,
"ParentPID": 6684890,
"Thread": 37748927,
"EventTime": "2021-09-07T04:35:00.814367-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:35:00.915224-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830490,
"ParentPID": 6684890,
"Thread": 37748927,
"EventTime": "2021-09-07T04:35:00.814367-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:35:00.916046-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 03:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830490,
"ParentPID": 6684890,
"Thread": 37748927,
"EventTime": "2021-09-07T04:35:00.824372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:35:00.916802-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830490,
"ParentPID": 6684890,
"Thread": 37748927,
"EventTime": "2021-09-07T04:35:00.824372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:35:00.917543-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830492,
"ParentPID": 6684890,
"Thread": 14483551,
"EventTime": "2021-09-07T04:40:00.829170-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:40:01.124037-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830492,
"ParentPID": 6684890,
"Thread": 14483551,
"EventTime": "2021-09-07T04:40:00.829170-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:40:01.124852-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 03:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830492,
"ParentPID": 6684890,
"Thread": 14483551,
"EventTime": "2021-09-07T04:40:00.834340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:40:01.125681-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830492,
"ParentPID": 6684890,
"Thread": 14483551,
"EventTime": "2021-09-07T04:40:00.834340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:40:01.126428-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830494,
"ParentPID": 6684890,
"Thread": 45416597,
"EventTime": "2021-09-07T04:45:00.840524-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:45:01.032743-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830494,
"ParentPID": 6684890,
"Thread": 45416597,
"EventTime": "2021-09-07T04:45:00.840524-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:45:01.033521-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 03:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830494,
"ParentPID": 6684890,
"Thread": 45416597,
"EventTime": "2021-09-07T04:45:00.844340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:45:01.034280-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830494,
"ParentPID": 6684890,
"Thread": 45416597,
"EventTime": "2021-09-07T04:45:00.844340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:45:01.035071-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636134Suv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636134,
"ParentPID": 10289274,
"Thread": 38142183,
"EventTime": "2021-09-07T04:48:46.697087-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:48:46.725687-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10289282,
"ParentPID": 9830496,
"Thread": 23658749,
"EventTime": "2021-09-07T04:48:46.717092-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:48:46.726638-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636158Tav7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636158,
"ParentPID": 10289284,
"Thread": 38142207,
"EventTime": "2021-09-07T04:48:46.807134-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:48:47.028527-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830498,
"ParentPID": 6684890,
"Thread": 32375035,
"EventTime": "2021-09-07T04:50:00.852248-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:50:00.947785-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830498,
"ParentPID": 6684890,
"Thread": 32375035,
"EventTime": "2021-09-07T04:50:00.852248-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:50:00.948593-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 03:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830498,
"ParentPID": 6684890,
"Thread": 32375035,
"EventTime": "2021-09-07T04:50:00.854341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:50:00.949347-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830498,
"ParentPID": 6684890,
"Thread": 32375035,
"EventTime": "2021-09-07T04:50:00.854341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:50:00.950091-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10289286",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 5636160,
"ParentPID": 10289286,
"Thread": 43515955,
"EventTime": "2021-09-07T04:50:00.871007-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:50:00.950632-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830500,
"ParentPID": 6684890,
"Thread": 32374787,
"EventTime": "2021-09-07T04:55:00.873340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:55:01.129746-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830500,
"ParentPID": 6684890,
"Thread": 32374787,
"EventTime": "2021-09-07T04:55:00.873340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:55:01.130531-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 03:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830500,
"ParentPID": 6684890,
"Thread": 32374787,
"EventTime": "2021-09-07T04:55:00.873340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:55:01.131305-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830500,
"ParentPID": 6684890,
"Thread": 32374787,
"EventTime": "2021-09-07T04:55:00.878102-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T04:55:01.132056-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289290,
"ParentPID": 6684890,
"Thread": 49807613,
"EventTime": "2021-09-07T05:00:00.883909-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:00:01.063045-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289290,
"ParentPID": 6684890,
"Thread": 49807613,
"EventTime": "2021-09-07T05:00:00.883909-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:00:01.063934-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 04:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289290,
"ParentPID": 6684890,
"Thread": 49807613,
"EventTime": "2021-09-07T05:00:00.883909-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:00:01.064754-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289290,
"ParentPID": 6684890,
"Thread": 49807613,
"EventTime": "2021-09-07T05:00:00.889096-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:00:01.065514-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636182Nav7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636182,
"ParentPID": 10289302,
"Thread": 22741135,
"EventTime": "2021-09-07T05:03:46.936341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:03:47.103818-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10289310,
"ParentPID": 9830508,
"Thread": 46661847,
"EventTime": "2021-09-07T05:03:46.956340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:03:47.104636-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636206NIv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636206,
"ParentPID": 10289312,
"Thread": 22741159,
"EventTime": "2021-09-07T05:03:47.052819-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:03:47.105395-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830510,
"ParentPID": 6684890,
"Thread": 36896927,
"EventTime": "2021-09-07T05:05:00.897374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:05:01.016341-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830510,
"ParentPID": 6684890,
"Thread": 36896927,
"EventTime": "2021-09-07T05:05:00.897374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:05:01.017115-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 04:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830510,
"ParentPID": 6684890,
"Thread": 36896927,
"EventTime": "2021-09-07T05:05:00.897374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:05:01.017889-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830510,
"ParentPID": 6684890,
"Thread": 36896927,
"EventTime": "2021-09-07T05:05:00.897374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:05:01.018640-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830512,
"ParentPID": 6684890,
"Thread": 28770443,
"EventTime": "2021-09-07T05:10:00.906190-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:10:00.970619-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830512,
"ParentPID": 6684890,
"Thread": 28770443,
"EventTime": "2021-09-07T05:10:00.906190-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:10:00.971387-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 04:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830512,
"ParentPID": 6684890,
"Thread": 28770443,
"EventTime": "2021-09-07T05:10:00.906190-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:10:00.972144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830512,
"ParentPID": 6684890,
"Thread": 28770443,
"EventTime": "2021-09-07T05:10:00.906190-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:10:00.972888-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830514,
"ParentPID": 6684890,
"Thread": 50528293,
"EventTime": "2021-09-07T05:15:00.915127-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:15:00.930176-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830514,
"ParentPID": 6684890,
"Thread": 50528293,
"EventTime": "2021-09-07T05:15:00.915127-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:15:00.930955-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 04:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830514,
"ParentPID": 6684890,
"Thread": 50528293,
"EventTime": "2021-09-07T05:15:00.915127-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:15:00.931719-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830514,
"ParentPID": 6684890,
"Thread": 50528293,
"EventTime": "2021-09-07T05:15:00.915127-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:15:00.932464-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636228HIv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636228,
"ParentPID": 10289322,
"Thread": 46203091,
"EventTime": "2021-09-07T05:18:47.177043-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:18:47.228708-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10289330,
"ParentPID": 9830516,
"Thread": 48890091,
"EventTime": "2021-09-07T05:18:47.195341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:18:47.229476-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636252Iyv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636252,
"ParentPID": 10289332,
"Thread": 46203115,
"EventTime": "2021-09-07T05:18:47.287081-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:18:47.536185-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636254,
"ParentPID": 6684890,
"Thread": 46203123,
"EventTime": "2021-09-07T05:20:00.925444-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:20:01.149833-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636254,
"ParentPID": 6684890,
"Thread": 46203123,
"EventTime": "2021-09-07T05:20:00.925444-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:20:01.150607-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 04:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636254,
"ParentPID": 6684890,
"Thread": 46203123,
"EventTime": "2021-09-07T05:20:00.925444-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:20:01.151371-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636254,
"ParentPID": 6684890,
"Thread": 46203123,
"EventTime": "2021-09-07T05:20:00.925444-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:20:01.152112-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636256,
"ParentPID": 6684890,
"Thread": 27197579,
"EventTime": "2021-09-07T05:25:00.935605-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:25:01.019449-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636256,
"ParentPID": 6684890,
"Thread": 27197579,
"EventTime": "2021-09-07T05:25:00.935605-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:25:01.020262-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 04:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636256,
"ParentPID": 6684890,
"Thread": 27197579,
"EventTime": "2021-09-07T05:25:00.935605-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:25:01.021021-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636256,
"ParentPID": 6684890,
"Thread": 27197579,
"EventTime": "2021-09-07T05:25:00.935605-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:25:01.021771-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636258,
"ParentPID": 6684890,
"Thread": 44957839,
"EventTime": "2021-09-07T05:30:00.945121-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:30:01.188639-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636258,
"ParentPID": 6684890,
"Thread": 44957839,
"EventTime": "2021-09-07T05:30:00.945121-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:30:01.189442-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 04:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636258,
"ParentPID": 6684890,
"Thread": 44957839,
"EventTime": "2021-09-07T05:30:00.945121-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:30:01.190211-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636258,
"ParentPID": 6684890,
"Thread": 44957839,
"EventTime": "2021-09-07T05:30:00.945121-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:30:01.190964-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T05:33:11.626342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:33:11.704961-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009437270CyAaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9437270,
"ParentPID": 5636270,
"Thread": 48038121,
"EventTime": "2021-09-07T05:33:47.420685-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:33:47.494610-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636278,
"ParentPID": 10551434,
"Thread": 46334163,
"EventTime": "2021-09-07T05:33:47.435340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:33:47.495647-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009437294DiAaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9437294,
"ParentPID": 5636280,
"Thread": 48037889,
"EventTime": "2021-09-07T05:33:47.535340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:33:47.802280-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551436,
"ParentPID": 6684890,
"Thread": 27197599,
"EventTime": "2021-09-07T05:35:00.955648-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:35:01.134909-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551436,
"ParentPID": 6684890,
"Thread": 27197599,
"EventTime": "2021-09-07T05:35:00.955648-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:35:01.135725-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 04:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551436,
"ParentPID": 6684890,
"Thread": 27197599,
"EventTime": "2021-09-07T05:35:00.955648-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:35:01.136478-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551436,
"ParentPID": 6684890,
"Thread": 27197599,
"EventTime": "2021-09-07T05:35:00.955648-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:35:01.137227-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551438,
"ParentPID": 6684890,
"Thread": 50593815,
"EventTime": "2021-09-07T05:40:00.966434-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:40:01.002181-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551438,
"ParentPID": 6684890,
"Thread": 50593815,
"EventTime": "2021-09-07T05:40:00.966434-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:40:01.002966-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 04:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551438,
"ParentPID": 6684890,
"Thread": 50593815,
"EventTime": "2021-09-07T05:40:00.966434-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:40:01.003781-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551438,
"ParentPID": 6684890,
"Thread": 50593815,
"EventTime": "2021-09-07T05:40:00.968031-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:40:01.004535-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192026,
"ParentPID": 6684890,
"Thread": 22937779,
"EventTime": "2021-09-07T05:45:00.976830-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:45:01.232543-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192026,
"ParentPID": 6684890,
"Thread": 22937779,
"EventTime": "2021-09-07T05:45:00.976830-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:45:01.233324-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 04:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192026,
"ParentPID": 6684890,
"Thread": 22937779,
"EventTime": "2021-09-07T05:45:00.977301-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:45:01.234133-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192026,
"ParentPID": 6684890,
"Thread": 22937779,
"EventTime": "2021-09-07T05:45:00.978738-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:45:01.234886-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10551442",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10223796,
"ParentPID": 10551442,
"Thread": 39649385,
"EventTime": "2021-09-07T05:45:00.992343-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:45:01.235436-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00102238188eDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223818,
"ParentPID": 8192036,
"Thread": 35258533,
"EventTime": "2021-09-07T05:48:47.654341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:48:47.843897-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192044,
"ParentPID": 10551444,
"Thread": 29425835,
"EventTime": "2021-09-07T05:48:47.684489-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:48:47.844757-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00093718968M0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371896,
"ParentPID": 8192046,
"Thread": 40501499,
"EventTime": "2021-09-07T05:48:47.764341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:48:47.845564-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551446,
"ParentPID": 6684890,
"Thread": 44171459,
"EventTime": "2021-09-07T05:50:00.995457-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:50:01.182934-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551446,
"ParentPID": 6684890,
"Thread": 44171459,
"EventTime": "2021-09-07T05:50:00.995457-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:50:01.183764-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 04:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551446,
"ParentPID": 6684890,
"Thread": 44171459,
"EventTime": "2021-09-07T05:50:00.995457-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:50:01.184527-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551446,
"ParentPID": 6684890,
"Thread": 44171459,
"EventTime": "2021-09-07T05:50:01.002340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:50:01.185273-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551448,
"ParentPID": 6684890,
"Thread": 45154469,
"EventTime": "2021-09-07T05:55:00.004885-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:55:00.186583-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551448,
"ParentPID": 6684890,
"Thread": 45154469,
"EventTime": "2021-09-07T05:55:00.004885-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:55:00.187409-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 04:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551448,
"ParentPID": 6684890,
"Thread": 45154469,
"EventTime": "2021-09-07T05:55:00.004885-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:55:00.188175-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551448,
"ParentPID": 6684890,
"Thread": 45154469,
"EventTime": "2021-09-07T05:55:00.012340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T05:55:00.188920-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551450,
"ParentPID": 6684890,
"Thread": 29425849,
"EventTime": "2021-09-07T06:00:00.019554-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:00:00.095882-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551450,
"ParentPID": 6684890,
"Thread": 29425849,
"EventTime": "2021-09-07T06:00:00.020524-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:00:00.096703-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 05:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551450,
"ParentPID": 6684890,
"Thread": 29425849,
"EventTime": "2021-09-07T06:00:00.020524-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:00:00.097466-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551450,
"ParentPID": 6684890,
"Thread": 29425849,
"EventTime": "2021-09-07T06:00:00.020524-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:00:00.098214-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00093716622I0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371662,
"ParentPID": 10551462,
"Thread": 44564651,
"EventTime": "2021-09-07T06:03:47.894341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:03:48.105215-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551470,
"ParentPID": 8192052,
"Thread": 38928521,
"EventTime": "2021-09-07T06:03:47.906184-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:03:48.106037-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371686330Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371686,
"ParentPID": 10551472,
"Thread": 44564675,
"EventTime": "2021-09-07T06:03:48.005463-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:03:48.106782-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192054,
"ParentPID": 6684890,
"Thread": 39649403,
"EventTime": "2021-09-07T06:05:00.022448-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:05:00.212821-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192054,
"ParentPID": 6684890,
"Thread": 39649403,
"EventTime": "2021-09-07T06:05:00.022448-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:05:00.213649-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 05:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192054,
"ParentPID": 6684890,
"Thread": 39649403,
"EventTime": "2021-09-07T06:05:00.022448-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:05:00.214401-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192054,
"ParentPID": 6684890,
"Thread": 39649403,
"EventTime": "2021-09-07T06:05:00.022448-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:05:00.215145-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192060,
"ParentPID": 6684890,
"Thread": 22741181,
"EventTime": "2021-09-07T06:10:00.036240-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:10:00.167444-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192060,
"ParentPID": 6684890,
"Thread": 22741181,
"EventTime": "2021-09-07T06:10:00.036240-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:10:00.168271-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 05:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192060,
"ParentPID": 6684890,
"Thread": 22741181,
"EventTime": "2021-09-07T06:10:00.036240-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:10:00.169033-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192060,
"ParentPID": 6684890,
"Thread": 22741181,
"EventTime": "2021-09-07T06:10:00.044433-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:10:00.169777-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192062,
"ParentPID": 6684890,
"Thread": 42401835,
"EventTime": "2021-09-07T06:15:00.043078-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:15:00.064112-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192062,
"ParentPID": 6684890,
"Thread": 42401835,
"EventTime": "2021-09-07T06:15:00.053081-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:15:00.064889-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 05:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192062,
"ParentPID": 6684890,
"Thread": 42401835,
"EventTime": "2021-09-07T06:15:00.053081-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:15:00.065651-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192062,
"ParentPID": 6684890,
"Thread": 42401835,
"EventTime": "2021-09-07T06:15:00.053081-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:15:00.066396-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371708wy0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371708,
"ParentPID": 10551486,
"Thread": 46006471,
"EventTime": "2021-09-07T06:18:48.133345-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:18:48.392832-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551494,
"ParentPID": 8192068,
"Thread": 47055037,
"EventTime": "2021-09-07T06:18:48.151518-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:18:48.393692-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371732xi0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371732,
"ParentPID": 10551496,
"Thread": 46006495,
"EventTime": "2021-09-07T06:18:48.243760-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:18:48.394504-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192070,
"ParentPID": 6684890,
"Thread": 29950085,
"EventTime": "2021-09-07T06:20:00.059864-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:20:00.206867-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192070,
"ParentPID": 6684890,
"Thread": 29950085,
"EventTime": "2021-09-07T06:20:00.059864-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:20:00.207692-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 05:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192070,
"ParentPID": 6684890,
"Thread": 29950085,
"EventTime": "2021-09-07T06:20:00.059864-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:20:00.208448-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192070,
"ParentPID": 6684890,
"Thread": 29950085,
"EventTime": "2021-09-07T06:20:00.059864-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:20:00.209196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192072,
"ParentPID": 6684890,
"Thread": 39518305,
"EventTime": "2021-09-07T06:25:00.072504-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:25:00.141195-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192072,
"ParentPID": 6684890,
"Thread": 39518305,
"EventTime": "2021-09-07T06:25:00.072504-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:25:00.142070-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 05:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192072,
"ParentPID": 6684890,
"Thread": 39518305,
"EventTime": "2021-09-07T06:25:00.072504-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:25:00.142891-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192072,
"ParentPID": 6684890,
"Thread": 39518305,
"EventTime": "2021-09-07T06:25:00.072504-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:25:00.143644-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192074,
"ParentPID": 6684890,
"Thread": 49872913,
"EventTime": "2021-09-07T06:30:00.079817-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:30:00.321863-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192074,
"ParentPID": 6684890,
"Thread": 49872913,
"EventTime": "2021-09-07T06:30:00.079817-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:30:00.322693-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 05:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192074,
"ParentPID": 6684890,
"Thread": 49872913,
"EventTime": "2021-09-07T06:30:00.079817-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:30:00.323450-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192074,
"ParentPID": 6684890,
"Thread": 49872913,
"EventTime": "2021-09-07T06:30:00.079817-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:30:00.324189-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T06:33:11.497114-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:33:11.682322-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371754ri0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371754,
"ParentPID": 10551506,
"Thread": 34013405,
"EventTime": "2021-09-07T06:33:48.373340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:33:48.664283-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551514,
"ParentPID": 8192078,
"Thread": 28967027,
"EventTime": "2021-09-07T06:33:48.388959-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:33:48.665187-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371778rQ0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371778,
"ParentPID": 10551516,
"Thread": 34013429,
"EventTime": "2021-09-07T06:33:48.489036-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:33:48.665941-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371786,
"ParentPID": 6684890,
"Thread": 38011033,
"EventTime": "2021-09-07T06:35:00.085940-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:35:00.172880-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371786,
"ParentPID": 6684890,
"Thread": 38011033,
"EventTime": "2021-09-07T06:35:00.085940-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:35:00.173688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 05:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371786,
"ParentPID": 6684890,
"Thread": 38011033,
"EventTime": "2021-09-07T06:35:00.085940-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:35:00.174432-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371786,
"ParentPID": 6684890,
"Thread": 38011033,
"EventTime": "2021-09-07T06:35:00.085940-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:35:00.175163-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10551524",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8192080,
"ParentPID": 10551524,
"Thread": 47185993,
"EventTime": "2021-09-07T06:35:00.105946-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:35:00.175696-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371792,
"ParentPID": 6684890,
"Thread": 40304641,
"EventTime": "2021-09-07T06:40:00.114085-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:40:00.125013-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371792,
"ParentPID": 6684890,
"Thread": 40304641,
"EventTime": "2021-09-07T06:40:00.114085-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:40:00.125779-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 05:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371792,
"ParentPID": 6684890,
"Thread": 40304641,
"EventTime": "2021-09-07T06:40:00.114085-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:40:00.126535-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371792,
"ParentPID": 6684890,
"Thread": 40304641,
"EventTime": "2021-09-07T06:40:00.114085-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:40:00.127282-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 31457431,
"EventTime": "2021-09-07T06:45:00.124041-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:45:00.345501-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 31457431,
"EventTime": "2021-09-07T06:45:00.124041-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:45:00.346323-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 05:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 31457431,
"EventTime": "2021-09-07T06:45:00.124041-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:45:00.347083-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 31457431,
"EventTime": "2021-09-07T06:45:00.126415-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:45:00.347830-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192102lQ6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192102,
"ParentPID": 10551538,
"Thread": 42008731,
"EventTime": "2021-09-07T06:48:48.612886-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:48:48.753493-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551546,
"ParentPID": 9371796,
"Thread": 37093463,
"EventTime": "2021-09-07T06:48:48.622888-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:48:48.754266-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192126m76qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192126,
"ParentPID": 10551548,
"Thread": 42008755,
"EventTime": "2021-09-07T06:48:48.722923-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:48:48.755016-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371798,
"ParentPID": 6684890,
"Thread": 41615375,
"EventTime": "2021-09-07T06:50:00.130873-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:50:00.262030-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371798,
"ParentPID": 6684890,
"Thread": 41615375,
"EventTime": "2021-09-07T06:50:00.130873-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:50:00.262859-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 05:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371798,
"ParentPID": 6684890,
"Thread": 41615375,
"EventTime": "2021-09-07T06:50:00.130873-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:50:00.263620-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371798,
"ParentPID": 6684890,
"Thread": 41615375,
"EventTime": "2021-09-07T06:50:00.130873-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:50:00.264365-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371800,
"ParentPID": 6684890,
"Thread": 30277759,
"EventTime": "2021-09-07T06:55:00.143459-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:55:00.170446-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371800,
"ParentPID": 6684890,
"Thread": 30277759,
"EventTime": "2021-09-07T06:55:00.143459-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:55:00.171228-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 05:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371800,
"ParentPID": 6684890,
"Thread": 30277759,
"EventTime": "2021-09-07T06:55:00.143459-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:55:00.172044-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371800,
"ParentPID": 6684890,
"Thread": 30277759,
"EventTime": "2021-09-07T06:55:00.143459-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T06:55:00.172792-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192130,
"ParentPID": 6684890,
"Thread": 36175901,
"EventTime": "2021-09-07T07:00:00.152403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:00:00.327998-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192130,
"ParentPID": 6684890,
"Thread": 36175901,
"EventTime": "2021-09-07T07:00:00.152403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:00:00.328815-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 06:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192130,
"ParentPID": 6684890,
"Thread": 36175901,
"EventTime": "2021-09-07T07:00:00.152403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:00:00.329584-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192130,
"ParentPID": 6684890,
"Thread": 36175901,
"EventTime": "2021-09-07T07:00:00.152403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:00:00.330332-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468832g7HMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468832,
"ParentPID": 8192142,
"Thread": 41156787,
"EventTime": "2021-09-07T07:03:48.853654-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:03:48.994618-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192150,
"ParentPID": 9371808,
"Thread": 30146661,
"EventTime": "2021-09-07T07:03:48.872340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:03:48.995425-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468856hmHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468856,
"ParentPID": 8192152,
"Thread": 41156811,
"EventTime": "2021-09-07T07:03:48.968778-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:03:48.996160-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371810,
"ParentPID": 6684890,
"Thread": 28967061,
"EventTime": "2021-09-07T07:05:00.161490-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:05:00.212283-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371810,
"ParentPID": 6684890,
"Thread": 28967061,
"EventTime": "2021-09-07T07:05:00.161490-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:05:00.213096-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 06:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371810,
"ParentPID": 6684890,
"Thread": 28967061,
"EventTime": "2021-09-07T07:05:00.161490-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:05:00.213848-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371810,
"ParentPID": 6684890,
"Thread": 28967061,
"EventTime": "2021-09-07T07:05:00.161490-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:05:00.214652-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371812,
"ParentPID": 6684890,
"Thread": 44892329,
"EventTime": "2021-09-07T07:10:00.169340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:10:00.393261-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371812,
"ParentPID": 6684890,
"Thread": 44892329,
"EventTime": "2021-09-07T07:10:00.169340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:10:00.394075-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 06:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371812,
"ParentPID": 6684890,
"Thread": 44892329,
"EventTime": "2021-09-07T07:10:00.169340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:10:00.394827-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371812,
"ParentPID": 6684890,
"Thread": 44892329,
"EventTime": "2021-09-07T07:10:00.169340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:10:00.395570-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371814,
"ParentPID": 6684890,
"Thread": 30605459,
"EventTime": "2021-09-07T07:15:00.178502-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:15:00.278022-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371814,
"ParentPID": 6684890,
"Thread": 30605459,
"EventTime": "2021-09-07T07:15:00.178502-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:15:00.278843-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 06:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371814,
"ParentPID": 6684890,
"Thread": 30605459,
"EventTime": "2021-09-07T07:15:00.178502-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:15:00.279608-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371814,
"ParentPID": 6684890,
"Thread": 30605459,
"EventTime": "2021-09-07T07:15:00.178502-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:15:00.280362-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468878bmHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468878,
"ParentPID": 8192162,
"Thread": 40173821,
"EventTime": "2021-09-07T07:18:49.092581-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:18:49.272215-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192170,
"ParentPID": 9371816,
"Thread": 41156831,
"EventTime": "2021-09-07T07:18:49.111340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:18:49.273033-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223688bUDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223688,
"ParentPID": 8192172,
"Thread": 29819055,
"EventTime": "2021-09-07T07:18:49.202617-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:18:49.273770-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192174,
"ParentPID": 6684890,
"Thread": 30540013,
"EventTime": "2021-09-07T07:20:00.188920-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:20:00.219302-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192174,
"ParentPID": 6684890,
"Thread": 30540013,
"EventTime": "2021-09-07T07:20:00.188920-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:20:00.220137-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 06:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192174,
"ParentPID": 6684890,
"Thread": 30540013,
"EventTime": "2021-09-07T07:20:00.188920-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:20:00.220911-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192174,
"ParentPID": 6684890,
"Thread": 30540013,
"EventTime": "2021-09-07T07:20:00.188920-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:20:00.221659-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192176,
"ParentPID": 6684890,
"Thread": 43253903,
"EventTime": "2021-09-07T07:25:00.198340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:25:00.424357-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192176,
"ParentPID": 6684890,
"Thread": 43253903,
"EventTime": "2021-09-07T07:25:00.198340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:25:00.425177-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 06:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192176,
"ParentPID": 6684890,
"Thread": 43253903,
"EventTime": "2021-09-07T07:25:00.198340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:25:00.425935-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192176,
"ParentPID": 6684890,
"Thread": 43253903,
"EventTime": "2021-09-07T07:25:00.198340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:25:00.426679-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192178,
"ParentPID": 6684890,
"Thread": 49676313,
"EventTime": "2021-09-07T07:30:00.208969-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:30:00.335882-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192178,
"ParentPID": 6684890,
"Thread": 49676313,
"EventTime": "2021-09-07T07:30:00.208969-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:30:00.336679-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 06:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192178,
"ParentPID": 6684890,
"Thread": 49676313,
"EventTime": "2021-09-07T07:30:00.208969-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:30:00.337423-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192178,
"ParentPID": 6684890,
"Thread": 49676313,
"EventTime": "2021-09-07T07:30:00.208969-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:30:00.338156-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10223690",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11468882,
"ParentPID": 10223690,
"Thread": 37748765,
"EventTime": "2021-09-07T07:30:00.228341-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:30:00.338787-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T07:33:11.381340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:33:11.448314-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468904XUHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468904,
"ParentPID": 10223700,
"Thread": 22937835,
"EventTime": "2021-09-07T07:33:49.330340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:33:49.621159-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10223708,
"ParentPID": 8192182,
"Thread": 42008785,
"EventTime": "2021-09-07T07:33:49.340340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:33:49.621973-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009437338YAAaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9437338,
"ParentPID": 10289342,
"Thread": 29032525,
"EventTime": "2021-09-07T07:33:49.440340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:33:49.622710-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192184,
"ParentPID": 6684890,
"Thread": 42991673,
"EventTime": "2021-09-07T07:35:00.232803-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:35:00.533891-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192184,
"ParentPID": 6684890,
"Thread": 42991673,
"EventTime": "2021-09-07T07:35:00.232803-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:35:00.534712-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 06:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192184,
"ParentPID": 6684890,
"Thread": 42991673,
"EventTime": "2021-09-07T07:35:00.234874-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:35:00.535477-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192184,
"ParentPID": 6684890,
"Thread": 42991673,
"EventTime": "2021-09-07T07:35:00.234874-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:35:00.536246-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192186,
"ParentPID": 6684890,
"Thread": 28049593,
"EventTime": "2021-09-07T07:40:00.242448-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:40:00.443465-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192186,
"ParentPID": 6684890,
"Thread": 28049593,
"EventTime": "2021-09-07T07:40:00.242448-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:40:00.444281-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 06:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192186,
"ParentPID": 6684890,
"Thread": 28049593,
"EventTime": "2021-09-07T07:40:00.242448-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:40:00.445045-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192186,
"ParentPID": 6684890,
"Thread": 28049593,
"EventTime": "2021-09-07T07:40:00.246318-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:40:00.445797-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192190,
"ParentPID": 6684890,
"Thread": 30277787,
"EventTime": "2021-09-07T07:45:00.247340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:45:00.306825-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192190,
"ParentPID": 6684890,
"Thread": 30277787,
"EventTime": "2021-09-07T07:45:00.247340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:45:00.307684-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 06:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192190,
"ParentPID": 6684890,
"Thread": 30277787,
"EventTime": "2021-09-07T07:45:00.254962-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:45:00.308511-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192190,
"ParentPID": 6684890,
"Thread": 30277787,
"EventTime": "2021-09-07T07:45:00.255865-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:45:00.309263-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830646S7B7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830646,
"ParentPID": 9437350,
"Thread": 38600739,
"EventTime": "2021-09-07T07:48:49.569341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:48:49.617683-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9437358,
"ParentPID": 8192192,
"Thread": 41025699,
"EventTime": "2021-09-07T07:48:49.587983-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:48:49.618446-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830414TqB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830414,
"ParentPID": 9437360,
"Thread": 38600763,
"EventTime": "2021-09-07T07:48:49.679342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:48:49.919487-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192194,
"ParentPID": 6684890,
"Thread": 31457461,
"EventTime": "2021-09-07T07:50:00.260037-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:50:00.526621-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192194,
"ParentPID": 6684890,
"Thread": 31457461,
"EventTime": "2021-09-07T07:50:00.260037-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:50:00.527100-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 06:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192194,
"ParentPID": 6684890,
"Thread": 31457461,
"EventTime": "2021-09-07T07:50:00.260037-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:50:00.527594-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192194,
"ParentPID": 6684890,
"Thread": 31457461,
"EventTime": "2021-09-07T07:50:00.260037-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:50:00.528057-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192196,
"ParentPID": 6684890,
"Thread": 47972403,
"EventTime": "2021-09-07T07:55:00.261058-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:55:00.281354-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192196,
"ParentPID": 6684890,
"Thread": 47972403,
"EventTime": "2021-09-07T07:55:00.261058-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:55:00.281865-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 06:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192196,
"ParentPID": 6684890,
"Thread": 47972403,
"EventTime": "2021-09-07T07:55:00.264750-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:55:00.282337-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192196,
"ParentPID": 6684890,
"Thread": 47972403,
"EventTime": "2021-09-07T07:55:00.264750-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T07:55:00.282798-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192198,
"ParentPID": 6684890,
"Thread": 36438127,
"EventTime": "2021-09-07T08:00:00.262668-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:00:00.378123-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192198,
"ParentPID": 6684890,
"Thread": 36438127,
"EventTime": "2021-09-07T08:00:00.262668-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:00:00.378684-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 07:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192198,
"ParentPID": 6684890,
"Thread": 36438127,
"EventTime": "2021-09-07T08:00:00.267339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:00:00.379201-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192198,
"ParentPID": 6684890,
"Thread": 36438127,
"EventTime": "2021-09-07T08:00:00.267339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:00:00.379679-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044178MU97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044178,
"ParentPID": 8192210,
"Thread": 20840475,
"EventTime": "2021-09-07T08:03:49.756098-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:03:49.856711-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192218,
"ParentPID": 10551362,
"Thread": 42532921,
"EventTime": "2021-09-07T08:03:49.769339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:03:49.857215-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044202Ny97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044202,
"ParentPID": 8192220,
"Thread": 20840499,
"EventTime": "2021-09-07T08:03:49.831712-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:03:49.857667-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551364,
"ParentPID": 6684890,
"Thread": 38732031,
"EventTime": "2021-09-07T08:05:00.268657-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:05:00.437223-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551364,
"ParentPID": 6684890,
"Thread": 38732031,
"EventTime": "2021-09-07T08:05:00.268657-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:05:00.437731-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 07:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551364,
"ParentPID": 6684890,
"Thread": 38732031,
"EventTime": "2021-09-07T08:05:00.268657-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:05:00.438235-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551364,
"ParentPID": 6684890,
"Thread": 38732031,
"EventTime": "2021-09-07T08:05:00.268657-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:05:00.438695-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551366,
"ParentPID": 6684890,
"Thread": 34013223,
"EventTime": "2021-09-07T08:10:00.276640-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:10:00.525129-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551366,
"ParentPID": 6684890,
"Thread": 34013223,
"EventTime": "2021-09-07T08:10:00.276640-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:10:00.525937-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 07:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551366,
"ParentPID": 6684890,
"Thread": 34013223,
"EventTime": "2021-09-07T08:10:00.277340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:10:00.526681-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551366,
"ParentPID": 6684890,
"Thread": 34013223,
"EventTime": "2021-09-07T08:10:00.277340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:10:00.527641-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551368,
"ParentPID": 5439688,
"Thread": 38469659,
"EventTime": "2021-09-07T08:14:35.040466-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:14:35.141605-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551370,
"ParentPID": 5439688,
"Thread": 38469661,
"EventTime": "2021-09-07T08:14:35.351307-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:14:35.444393-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551372,
"ParentPID": 5439688,
"Thread": 38469663,
"EventTime": "2021-09-07T08:14:35.677340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:14:35.748225-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551374,
"ParentPID": 5439688,
"Thread": 38469665,
"EventTime": "2021-09-07T08:14:36.504635-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:14:36.655880-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551376,
"ParentPID": 5439688,
"Thread": 38469667,
"EventTime": "2021-09-07T08:14:36.987340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:14:37.257855-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551378,
"ParentPID": 5439688,
"Thread": 38469669,
"EventTime": "2021-09-07T08:14:38.733419-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:14:38.771525-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551380,
"ParentPID": 5439688,
"Thread": 38469671,
"EventTime": "2021-09-07T08:14:44.107340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:14:44.196576-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551382,
"ParentPID": 5439688,
"Thread": 38469673,
"EventTime": "2021-09-07T08:14:44.387340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:14:44.498152-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551384,
"ParentPID": 5439688,
"Thread": 38469675,
"EventTime": "2021-09-07T08:14:44.817340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:14:45.108876-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551386,
"ParentPID": 5439688,
"Thread": 38469677,
"EventTime": "2021-09-07T08:14:45.198251-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:14:45.418162-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551388,
"ParentPID": 6684890,
"Thread": 38469679,
"EventTime": "2021-09-07T08:15:00.280206-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:15:00.440124-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551388,
"ParentPID": 6684890,
"Thread": 38469679,
"EventTime": "2021-09-07T08:15:00.280206-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:15:00.440932-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 07:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551388,
"ParentPID": 6684890,
"Thread": 38469679,
"EventTime": "2021-09-07T08:15:00.286340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:15:00.441681-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551388,
"ParentPID": 6684890,
"Thread": 38469679,
"EventTime": "2021-09-07T08:15:00.286340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:15:00.442413-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551390,
"ParentPID": 5439688,
"Thread": 32440523,
"EventTime": "2021-09-07T08:18:25.373066-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:25.396766-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.08192222",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9044204,
"ParentPID": 8192222,
"Thread": 47972421,
"EventTime": "2021-09-07T08:18:25.390431-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:25.397355-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192224.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192224,
"ParentPID": 10551390,
"Thread": 41025707,
"EventTime": "2021-09-07T08:18:25.510368-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:25.698939-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192224",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9044220,
"ParentPID": 8192224,
"Thread": 47972437,
"EventTime": "2021-09-07T08:18:25.540738-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:25.699744-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9044220,
"ParentPID": 8192224,
"Thread": 47972437,
"EventTime": "2021-09-07T08:18:25.546003-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:25.700495-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9043968aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9043968,
"ParentPID": 8192224,
"Thread": 47972441,
"EventTime": "2021-09-07T08:18:25.550741-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:25.701238-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9043968aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9043968,
"ParentPID": 8192224,
"Thread": 47972441,
"EventTime": "2021-09-07T08:18:25.550741-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:25.702026-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9043968aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9043968,
"ParentPID": 8192224,
"Thread": 47972441,
"EventTime": "2021-09-07T08:18:25.560343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:25.702737-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192224/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9043974,
"ParentPID": 8192224,
"Thread": 47972447,
"EventTime": "2021-09-07T08:18:25.570747-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:25.703445-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192224",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9043976,
"ParentPID": 8192224,
"Thread": 47972449,
"EventTime": "2021-09-07T08:18:25.573139-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:25.704146-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192226,
"ParentPID": 10551390,
"Thread": 41025709,
"EventTime": "2021-09-07T08:18:25.573139-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:25.704850-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192226,
"ParentPID": 10551390,
"Thread": 41025709,
"EventTime": "2021-09-07T08:18:25.573139-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:25.705522-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551392,
"ParentPID": 5439688,
"Thread": 32440525,
"EventTime": "2021-09-07T08:18:25.971737-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:26.011161-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192228.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192228,
"ParentPID": 10551392,
"Thread": 41025711,
"EventTime": "2021-09-07T08:18:26.102080-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:26.313491-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192228",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9043992,
"ParentPID": 8192228,
"Thread": 47972465,
"EventTime": "2021-09-07T08:18:26.132091-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:26.314254-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9043992,
"ParentPID": 8192228,
"Thread": 47972465,
"EventTime": "2021-09-07T08:18:26.142094-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:26.314998-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9043996aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9043996,
"ParentPID": 8192228,
"Thread": 47972469,
"EventTime": "2021-09-07T08:18:26.152097-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:26.315731-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9043996aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9043996,
"ParentPID": 8192228,
"Thread": 47972469,
"EventTime": "2021-09-07T08:18:26.152097-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:26.316452-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9043996aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9043996,
"ParentPID": 8192228,
"Thread": 47972469,
"EventTime": "2021-09-07T08:18:26.152097-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:26.317166-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192228/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9044002,
"ParentPID": 8192228,
"Thread": 47972475,
"EventTime": "2021-09-07T08:18:26.162101-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:26.317866-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192228",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9044004,
"ParentPID": 8192228,
"Thread": 47972477,
"EventTime": "2021-09-07T08:18:26.170369-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:26.318562-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192230,
"ParentPID": 10551392,
"Thread": 41025713,
"EventTime": "2021-09-07T08:18:26.172104-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:26.319274-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192230,
"ParentPID": 10551392,
"Thread": 41025713,
"EventTime": "2021-09-07T08:18:26.172104-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:26.319961-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551394,
"ParentPID": 5439688,
"Thread": 32440527,
"EventTime": "2021-09-07T08:18:27.235030-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:27.535585-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192232.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192232,
"ParentPID": 10551394,
"Thread": 41025715,
"EventTime": "2021-09-07T08:18:27.364393-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:27.536387-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192232",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9044020,
"ParentPID": 8192232,
"Thread": 47972493,
"EventTime": "2021-09-07T08:18:27.394402-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:27.537118-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9044020,
"ParentPID": 8192232,
"Thread": 47972493,
"EventTime": "2021-09-07T08:18:27.404441-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:27.537840-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044024aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044024,
"ParentPID": 8192232,
"Thread": 47972497,
"EventTime": "2021-09-07T08:18:27.409340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:27.538552-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044024aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044024,
"ParentPID": 8192232,
"Thread": 47972497,
"EventTime": "2021-09-07T08:18:27.414447-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:27.539260-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044024aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044024,
"ParentPID": 8192232,
"Thread": 47972497,
"EventTime": "2021-09-07T08:18:27.414447-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:27.539996-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192232/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9044030,
"ParentPID": 8192232,
"Thread": 47972503,
"EventTime": "2021-09-07T08:18:27.424450-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:27.540742-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192232",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9044032,
"ParentPID": 8192232,
"Thread": 47972505,
"EventTime": "2021-09-07T08:18:27.429340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:27.541449-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192234,
"ParentPID": 10551394,
"Thread": 41025717,
"EventTime": "2021-09-07T08:18:27.434453-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:27.542122-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192234,
"ParentPID": 10551394,
"Thread": 41025717,
"EventTime": "2021-09-07T08:18:27.434453-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:27.542762-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551396,
"ParentPID": 5439688,
"Thread": 32440529,
"EventTime": "2021-09-07T08:18:39.049340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:39.261762-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551398,
"ParentPID": 5439688,
"Thread": 32440531,
"EventTime": "2021-09-07T08:18:40.449987-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:40.470217-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551400,
"ParentPID": 5439688,
"Thread": 32440533,
"EventTime": "2021-09-07T08:18:41.833717-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:41.975009-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551402,
"ParentPID": 5439688,
"Thread": 32440535,
"EventTime": "2021-09-07T08:18:43.219340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:43.487757-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192236.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192236,
"ParentPID": 10551402,
"Thread": 41025719,
"EventTime": "2021-09-07T08:18:43.349340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:43.488515-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192236",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9044048,
"ParentPID": 8192236,
"Thread": 47972521,
"EventTime": "2021-09-07T08:18:43.379340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:43.489247-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9044048,
"ParentPID": 8192236,
"Thread": 47972521,
"EventTime": "2021-09-07T08:18:43.389340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:43.490016-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044052aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044052,
"ParentPID": 8192236,
"Thread": 47972525,
"EventTime": "2021-09-07T08:18:43.399340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:43.490774-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044052aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044052,
"ParentPID": 8192236,
"Thread": 47972525,
"EventTime": "2021-09-07T08:18:43.399340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:43.491499-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044052aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044052,
"ParentPID": 8192236,
"Thread": 47972525,
"EventTime": "2021-09-07T08:18:43.399340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:43.492199-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192236/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9044054,
"ParentPID": 8192236,
"Thread": 47972527,
"EventTime": "2021-09-07T08:18:43.409427-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:43.492890-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192236",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9044056,
"ParentPID": 8192236,
"Thread": 47972529,
"EventTime": "2021-09-07T08:18:43.413837-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:43.493592-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192238,
"ParentPID": 10551402,
"Thread": 41025721,
"EventTime": "2021-09-07T08:18:43.419340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:43.494266-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192238,
"ParentPID": 10551402,
"Thread": 41025721,
"EventTime": "2021-09-07T08:18:43.419340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:43.494913-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551404,
"ParentPID": 5439688,
"Thread": 32440537,
"EventTime": "2021-09-07T08:18:44.681341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:44.702230-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192240.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192240,
"ParentPID": 10551404,
"Thread": 41025723,
"EventTime": "2021-09-07T08:18:44.811675-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:45.010200-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192240",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9044072,
"ParentPID": 8192240,
"Thread": 47972545,
"EventTime": "2021-09-07T08:18:44.841686-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:45.010997-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9044072,
"ParentPID": 8192240,
"Thread": 47972545,
"EventTime": "2021-09-07T08:18:44.851713-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:45.011761-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044076aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044076,
"ParentPID": 8192240,
"Thread": 47972549,
"EventTime": "2021-09-07T08:18:44.859340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:45.012487-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044076aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044076,
"ParentPID": 8192240,
"Thread": 47972549,
"EventTime": "2021-09-07T08:18:44.861716-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:45.013197-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044076aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044076,
"ParentPID": 8192240,
"Thread": 47972549,
"EventTime": "2021-09-07T08:18:44.861716-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:45.013904-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192240/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9044082,
"ParentPID": 8192240,
"Thread": 47972555,
"EventTime": "2021-09-07T08:18:44.871719-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:45.014601-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192240",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9044084,
"ParentPID": 8192240,
"Thread": 47972557,
"EventTime": "2021-09-07T08:18:44.871719-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:45.015295-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192242,
"ParentPID": 10551404,
"Thread": 41025725,
"EventTime": "2021-09-07T08:18:44.879340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:45.015989-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192242,
"ParentPID": 10551404,
"Thread": 41025725,
"EventTime": "2021-09-07T08:18:44.879340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:45.016668-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551406,
"ParentPID": 5439688,
"Thread": 32440539,
"EventTime": "2021-09-07T08:18:46.172684-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:46.223550-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044106Hq97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044106,
"ParentPID": 8192252,
"Thread": 47972579,
"EventTime": "2021-09-07T08:18:49.949340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:50.136665-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192004,
"ParentPID": 10551408,
"Thread": 41025743,
"EventTime": "2021-09-07T08:18:49.965549-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:50.137463-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044128HY97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044128,
"ParentPID": 11468910,
"Thread": 47972601,
"EventTime": "2021-09-07T08:18:50.055582-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:50.138188-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192006,
"ParentPID": 5439688,
"Thread": 41025745,
"EventTime": "2021-09-07T08:18:51.894421-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:51.943175-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.05636118",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10223712,
"ParentPID": 5636118,
"Thread": 41156611,
"EventTime": "2021-09-07T08:18:51.910718-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:18:51.943812-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192008,
"ParentPID": 6684890,
"Thread": 42467387,
"EventTime": "2021-09-07T08:20:00.288236-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:20:00.462598-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192008,
"ParentPID": 6684890,
"Thread": 42467387,
"EventTime": "2021-09-07T08:20:00.288236-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:20:00.463363-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 07:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192008,
"ParentPID": 6684890,
"Thread": 42467387,
"EventTime": "2021-09-07T08:20:00.296343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:20:00.464123-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192008,
"ParentPID": 6684890,
"Thread": 42467387,
"EventTime": "2021-09-07T08:20:00.296343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:20:00.464883-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192010,
"ParentPID": 5439688,
"Thread": 41025759,
"EventTime": "2021-09-07T08:22:00.965120-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:01.002233-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh5636120.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 5636120,
"ParentPID": 8192010,
"Thread": 38666427,
"EventTime": "2021-09-07T08:22:01.092340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:01.306488-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.5636120",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223728,
"ParentPID": 5636120,
"Thread": 49676357,
"EventTime": "2021-09-07T08:22:01.131630-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:01.307244-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223728,
"ParentPID": 5636120,
"Thread": 49676357,
"EventTime": "2021-09-07T08:22:01.133620-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:01.307973-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223732aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223732,
"ParentPID": 5636120,
"Thread": 49676361,
"EventTime": "2021-09-07T08:22:01.142341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:01.308705-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223732aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223732,
"ParentPID": 5636120,
"Thread": 49676361,
"EventTime": "2021-09-07T08:22:01.142341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:01.309418-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223732aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223732,
"ParentPID": 5636120,
"Thread": 49676361,
"EventTime": "2021-09-07T08:22:01.151636-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:01.310124-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.5636120/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223734,
"ParentPID": 5636120,
"Thread": 49676363,
"EventTime": "2021-09-07T08:22:01.161974-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:01.310823-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.5636120",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223736,
"ParentPID": 5636120,
"Thread": 49676365,
"EventTime": "2021-09-07T08:22:01.162341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:01.311630-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 5636122,
"ParentPID": 8192010,
"Thread": 38666429,
"EventTime": "2021-09-07T08:22:01.165217-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:01.312363-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636122,
"ParentPID": 8192010,
"Thread": 38666429,
"EventTime": "2021-09-07T08:22:01.165217-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:01.313066-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192012,
"ParentPID": 5439688,
"Thread": 41025761,
"EventTime": "2021-09-07T08:22:07.152340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:07.321295-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh5636124.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 5636124,
"ParentPID": 8192012,
"Thread": 38666431,
"EventTime": "2021-09-07T08:22:07.282340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:07.322044-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.5636124",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223752,
"ParentPID": 5636124,
"Thread": 49676381,
"EventTime": "2021-09-07T08:22:07.315636-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:07.322795-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223752,
"ParentPID": 5636124,
"Thread": 49676381,
"EventTime": "2021-09-07T08:22:07.322340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:07.630165-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223756aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223756,
"ParentPID": 5636124,
"Thread": 49676385,
"EventTime": "2021-09-07T08:22:07.332340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:07.630962-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223756aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223756,
"ParentPID": 5636124,
"Thread": 49676385,
"EventTime": "2021-09-07T08:22:07.332340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:07.631692-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223756aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223756,
"ParentPID": 5636124,
"Thread": 49676385,
"EventTime": "2021-09-07T08:22:07.338543-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:07.632444-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.5636124/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223758,
"ParentPID": 5636124,
"Thread": 49676387,
"EventTime": "2021-09-07T08:22:07.348545-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:07.633168-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.5636124",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223760,
"ParentPID": 5636124,
"Thread": 49676389,
"EventTime": "2021-09-07T08:22:07.352365-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:07.633931-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 5636126,
"ParentPID": 8192012,
"Thread": 38666433,
"EventTime": "2021-09-07T08:22:07.352365-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:07.634638-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636126,
"ParentPID": 8192012,
"Thread": 38666433,
"EventTime": "2021-09-07T08:22:07.352365-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:22:07.635335-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636130,
"ParentPID": 6684890,
"Thread": 45351029,
"EventTime": "2021-09-07T08:25:00.298078-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:25:00.425078-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636130,
"ParentPID": 6684890,
"Thread": 45351029,
"EventTime": "2021-09-07T08:25:00.298078-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:25:00.425839-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 07:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636130,
"ParentPID": 6684890,
"Thread": 45351029,
"EventTime": "2021-09-07T08:25:00.306341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:25:00.426630-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636130,
"ParentPID": 6684890,
"Thread": 45351029,
"EventTime": "2021-09-07T08:25:00.306341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:25:00.427434-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636132,
"ParentPID": 6684890,
"Thread": 44826737,
"EventTime": "2021-09-07T08:30:00.313684-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:30:00.614855-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636132,
"ParentPID": 6684890,
"Thread": 44826737,
"EventTime": "2021-09-07T08:30:00.313684-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:30:00.615631-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 07:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636132,
"ParentPID": 6684890,
"Thread": 44826737,
"EventTime": "2021-09-07T08:30:00.316340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:30:00.616427-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636132,
"ParentPID": 6684890,
"Thread": 44826737,
"EventTime": "2021-09-07T08:30:00.316340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:30:00.617182-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T08:33:11.260347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:33:11.481235-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223782BYDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223782,
"ParentPID": 8192024,
"Thread": 41418839,
"EventTime": "2021-09-07T08:33:50.179621-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:33:50.257826-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192032,
"ParentPID": 5636136,
"Thread": 45023407,
"EventTime": "2021-09-07T08:33:50.199627-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:33:50.258655-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223806CIDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223806,
"ParentPID": 8192034,
"Thread": 41418863,
"EventTime": "2021-09-07T08:33:50.299706-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:33:50.561250-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636138,
"ParentPID": 6684890,
"Thread": 32178205,
"EventTime": "2021-09-07T08:35:00.323319-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:35:00.574061-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636138,
"ParentPID": 6684890,
"Thread": 32178205,
"EventTime": "2021-09-07T08:35:00.323319-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:35:00.574828-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 07:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636138,
"ParentPID": 6684890,
"Thread": 32178205,
"EventTime": "2021-09-07T08:35:00.323319-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:35:00.575575-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636138,
"ParentPID": 6684890,
"Thread": 32178205,
"EventTime": "2021-09-07T08:35:00.323319-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:35:00.576302-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636140,
"ParentPID": 6684890,
"Thread": 31195187,
"EventTime": "2021-09-07T08:40:00.334372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:40:00.465120-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636140,
"ParentPID": 6684890,
"Thread": 31195187,
"EventTime": "2021-09-07T08:40:00.334372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:40:00.465941-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 07:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636140,
"ParentPID": 6684890,
"Thread": 31195187,
"EventTime": "2021-09-07T08:40:00.336340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:40:00.466782-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636140,
"ParentPID": 6684890,
"Thread": 31195187,
"EventTime": "2021-09-07T08:40:00.336340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:40:00.467576-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636142,
"ParentPID": 6684890,
"Thread": 40501269,
"EventTime": "2021-09-07T08:45:00.344300-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:45:00.375535-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636142,
"ParentPID": 6684890,
"Thread": 40501269,
"EventTime": "2021-09-07T08:45:00.344300-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:45:00.376354-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 07:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636142,
"ParentPID": 6684890,
"Thread": 40501269,
"EventTime": "2021-09-07T08:45:00.344300-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:45:00.377117-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636142,
"ParentPID": 6684890,
"Thread": 40501269,
"EventTime": "2021-09-07T08:45:00.344300-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:45:00.377904-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00102238287EDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223828,
"ParentPID": 8192044,
"Thread": 48234533,
"EventTime": "2021-09-07T08:48:50.428383-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:48:50.602049-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192052,
"ParentPID": 5636144,
"Thread": 38011089,
"EventTime": "2021-09-07T08:48:50.440986-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:48:50.602852-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00102238528yDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223852,
"ParentPID": 8192054,
"Thread": 48234557,
"EventTime": "2021-09-07T08:48:50.541027-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:48:50.603583-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636146,
"ParentPID": 6684890,
"Thread": 44826771,
"EventTime": "2021-09-07T08:50:00.354354-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:50:00.596354-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636146,
"ParentPID": 6684890,
"Thread": 44826771,
"EventTime": "2021-09-07T08:50:00.354354-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:50:00.597129-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 07:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636146,
"ParentPID": 6684890,
"Thread": 44826771,
"EventTime": "2021-09-07T08:50:00.356340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:50:00.597915-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636146,
"ParentPID": 6684890,
"Thread": 44826771,
"EventTime": "2021-09-07T08:50:00.356340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:50:00.598642-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.08192056",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10223854,
"ParentPID": 8192056,
"Thread": 40501285,
"EventTime": "2021-09-07T08:50:00.374361-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:50:00.599176-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636148,
"ParentPID": 5439688,
"Thread": 49938489,
"EventTime": "2021-09-07T08:52:17.304288-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:52:17.604825-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636150,
"ParentPID": 6684890,
"Thread": 50135085,
"EventTime": "2021-09-07T08:55:00.375340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:55:00.486043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636150,
"ParentPID": 6684890,
"Thread": 50135085,
"EventTime": "2021-09-07T08:55:00.375340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:55:00.486851-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 07:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636150,
"ParentPID": 6684890,
"Thread": 50135085,
"EventTime": "2021-09-07T08:55:00.377706-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:55:00.487598-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636150,
"ParentPID": 6684890,
"Thread": 50135085,
"EventTime": "2021-09-07T08:55:00.377706-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T08:55:00.488334-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636152,
"ParentPID": 6684890,
"Thread": 40960119,
"EventTime": "2021-09-07T09:00:00.386466-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:00:00.404207-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636152,
"ParentPID": 6684890,
"Thread": 40960119,
"EventTime": "2021-09-07T09:00:00.386466-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:00:00.404962-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 08:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636152,
"ParentPID": 6684890,
"Thread": 40960119,
"EventTime": "2021-09-07T09:00:00.386466-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:00:00.405746-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636152,
"ParentPID": 6684890,
"Thread": 40960119,
"EventTime": "2021-09-07T09:00:00.386466-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:00:00.406534-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192060,
"ParentPID": 5439688,
"Thread": 44564705,
"EventTime": "2021-09-07T09:01:34.892340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:01:35.082412-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00102236202uDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223620,
"ParentPID": 5636164,
"Thread": 45351069,
"EventTime": "2021-09-07T09:03:50.667340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:03:50.957746-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636172,
"ParentPID": 8192064,
"Thread": 40108059,
"EventTime": "2021-09-07T09:03:50.681963-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:03:50.958564-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00102236443eDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223644,
"ParentPID": 5636174,
"Thread": 45351093,
"EventTime": "2021-09-07T09:03:50.777340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:03:50.959302-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223646,
"ParentPID": 6684890,
"Thread": 43122785,
"EventTime": "2021-09-07T09:05:00.395340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:05:00.641812-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223646,
"ParentPID": 6684890,
"Thread": 43122785,
"EventTime": "2021-09-07T09:05:00.395340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:05:00.642623-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 08:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223646,
"ParentPID": 6684890,
"Thread": 43122785,
"EventTime": "2021-09-07T09:05:00.397913-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:05:00.643366-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223646,
"ParentPID": 6684890,
"Thread": 43122785,
"EventTime": "2021-09-07T09:05:00.397913-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:05:00.644098-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223648,
"ParentPID": 6684890,
"Thread": 44433421,
"EventTime": "2021-09-07T09:10:00.402735-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:10:00.573377-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223648,
"ParentPID": 6684890,
"Thread": 44433421,
"EventTime": "2021-09-07T09:10:00.402735-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:10:00.574138-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 08:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223648,
"ParentPID": 6684890,
"Thread": 44433421,
"EventTime": "2021-09-07T09:10:00.402735-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:10:00.574887-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223648,
"ParentPID": 6684890,
"Thread": 44433421,
"EventTime": "2021-09-07T09:10:00.402735-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:10:00.575634-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223650,
"ParentPID": 6684890,
"Thread": 45351119,
"EventTime": "2021-09-07T09:15:00.415340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:15:00.475491-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223650,
"ParentPID": 6684890,
"Thread": 45351119,
"EventTime": "2021-09-07T09:15:00.415340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:15:00.476298-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 08:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223650,
"ParentPID": 6684890,
"Thread": 45351119,
"EventTime": "2021-09-07T09:15:00.415340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:15:00.477050-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223650,
"ParentPID": 6684890,
"Thread": 45351119,
"EventTime": "2021-09-07T09:15:00.415340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:15:00.477799-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636196wav7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636196,
"ParentPID": 8192074,
"Thread": 41681033,
"EventTime": "2021-09-07T09:18:50.899495-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:18:50.996447-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192082,
"ParentPID": 10223652,
"Thread": 42729567,
"EventTime": "2021-09-07T09:18:50.919503-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:18:50.997208-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636220wMv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636220,
"ParentPID": 8192084,
"Thread": 41681057,
"EventTime": "2021-09-07T09:18:51.019543-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:18:51.298169-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223654,
"ParentPID": 6684890,
"Thread": 44433443,
"EventTime": "2021-09-07T09:20:00.422938-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:20:00.701152-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223654,
"ParentPID": 6684890,
"Thread": 44433443,
"EventTime": "2021-09-07T09:20:00.422938-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:20:00.701976-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 08:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223654,
"ParentPID": 6684890,
"Thread": 44433443,
"EventTime": "2021-09-07T09:20:00.422938-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:20:00.702719-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223654,
"ParentPID": 6684890,
"Thread": 44433443,
"EventTime": "2021-09-07T09:20:00.422938-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:20:00.703455-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223656,
"ParentPID": 6684890,
"Thread": 47906963,
"EventTime": "2021-09-07T09:25:00.434340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:25:00.647571-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223656,
"ParentPID": 6684890,
"Thread": 47906963,
"EventTime": "2021-09-07T09:25:00.434340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:25:00.648378-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 08:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223656,
"ParentPID": 6684890,
"Thread": 47906963,
"EventTime": "2021-09-07T09:25:00.436159-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:25:00.649120-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223656,
"ParentPID": 6684890,
"Thread": 47906963,
"EventTime": "2021-09-07T09:25:00.436159-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:25:00.649855-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223658,
"ParentPID": 6684890,
"Thread": 50004029,
"EventTime": "2021-09-07T09:30:00.444342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:30:00.484792-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223658,
"ParentPID": 6684890,
"Thread": 50004029,
"EventTime": "2021-09-07T09:30:00.444342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:30:00.485624-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 08:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223658,
"ParentPID": 6684890,
"Thread": 50004029,
"EventTime": "2021-09-07T09:30:00.444342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:30:00.486390-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223658,
"ParentPID": 6684890,
"Thread": 50004029,
"EventTime": "2021-09-07T09:30:00.444342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:30:00.487132-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T09:33:11.138340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:33:11.358375-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636242qIv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636242,
"ParentPID": 8192094,
"Thread": 37748817,
"EventTime": "2021-09-07T09:33:51.146345-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:33:51.336005-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192102,
"ParentPID": 10223662,
"Thread": 34013271,
"EventTime": "2021-09-07T09:33:51.156340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:33:51.336905-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636266r3v7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636266,
"ParentPID": 8192104,
"Thread": 37748841,
"EventTime": "2021-09-07T09:33:51.256340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:33:51.337691-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223664,
"ParentPID": 6684890,
"Thread": 41681083,
"EventTime": "2021-09-07T09:35:00.454340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:35:00.743676-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223664,
"ParentPID": 6684890,
"Thread": 41681083,
"EventTime": "2021-09-07T09:35:00.454340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:35:00.744495-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 08:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223664,
"ParentPID": 6684890,
"Thread": 41681083,
"EventTime": "2021-09-07T09:35:00.454340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:35:00.745253-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223664,
"ParentPID": 6684890,
"Thread": 41681083,
"EventTime": "2021-09-07T09:35:00.454340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:35:00.746055-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223666,
"ParentPID": 6684890,
"Thread": 39583977,
"EventTime": "2021-09-07T09:40:00.464340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:40:00.650525-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223666,
"ParentPID": 6684890,
"Thread": 39583977,
"EventTime": "2021-09-07T09:40:00.464340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:40:00.651291-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 08:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223666,
"ParentPID": 6684890,
"Thread": 39583977,
"EventTime": "2021-09-07T09:40:00.464340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:40:00.652049-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223666,
"ParentPID": 6684890,
"Thread": 39583977,
"EventTime": "2021-09-07T09:40:00.464340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:40:00.652875-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192108,
"ParentPID": 6684890,
"Thread": 49676425,
"EventTime": "2021-09-07T09:45:00.474340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:45:00.592776-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192108,
"ParentPID": 6684890,
"Thread": 49676425,
"EventTime": "2021-09-07T09:45:00.474340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:45:00.593588-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 08:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192108,
"ParentPID": 6684890,
"Thread": 49676425,
"EventTime": "2021-09-07T09:45:00.474340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:45:00.594335-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192108,
"ParentPID": 6684890,
"Thread": 49676425,
"EventTime": "2021-09-07T09:45:00.474340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:45:00.595101-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10223670",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 5636268,
"ParentPID": 10223670,
"Thread": 50790559,
"EventTime": "2021-09-07T09:45:00.492051-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:45:00.595685-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636290lyv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636290,
"ParentPID": 10223680,
"Thread": 46006317,
"EventTime": "2021-09-07T09:48:51.386372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:48:51.667214-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10223688,
"ParentPID": 8192110,
"Thread": 44826833,
"EventTime": "2021-09-07T09:48:51.400556-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:48:51.668030-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636314miv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636314,
"ParentPID": 10223690,
"Thread": 46006341,
"EventTime": "2021-09-07T09:48:51.496344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:48:51.668759-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192112,
"ParentPID": 6684890,
"Thread": 29425881,
"EventTime": "2021-09-07T09:50:00.497775-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:50:00.785074-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192112,
"ParentPID": 6684890,
"Thread": 29425881,
"EventTime": "2021-09-07T09:50:00.497775-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:50:00.785882-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 08:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192112,
"ParentPID": 6684890,
"Thread": 29425881,
"EventTime": "2021-09-07T09:50:00.497775-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:50:00.786636-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192112,
"ParentPID": 6684890,
"Thread": 29425881,
"EventTime": "2021-09-07T09:50:00.497775-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:50:00.787370-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192114,
"ParentPID": 6684890,
"Thread": 31588565,
"EventTime": "2021-09-07T09:55:00.505142-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:55:00.696484-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192114,
"ParentPID": 6684890,
"Thread": 31588565,
"EventTime": "2021-09-07T09:55:00.505142-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:55:00.697290-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 08:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192114,
"ParentPID": 6684890,
"Thread": 31588565,
"EventTime": "2021-09-07T09:55:00.505142-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:55:00.698038-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192114,
"ParentPID": 6684890,
"Thread": 31588565,
"EventTime": "2021-09-07T09:55:00.508425-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T09:55:00.698769-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192116,
"ParentPID": 6684890,
"Thread": 32440571,
"EventTime": "2021-09-07T10:00:00.513342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:00:00.592638-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192116,
"ParentPID": 6684890,
"Thread": 32440571,
"EventTime": "2021-09-07T10:00:00.513342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:00:00.593500-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 09:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192116,
"ParentPID": 6684890,
"Thread": 32440571,
"EventTime": "2021-09-07T10:00:00.517745-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:00:00.594269-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192116,
"ParentPID": 6684890,
"Thread": 32440571,
"EventTime": "2021-09-07T10:00:00.517745-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:00:00.595158-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223712giDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223712,
"ParentPID": 8192128,
"Thread": 47448113,
"EventTime": "2021-09-07T10:03:51.625367-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:03:51.736179-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192136,
"ParentPID": 5636320,
"Thread": 45351153,
"EventTime": "2021-09-07T10:03:51.641503-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:03:51.736980-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223736gUDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223736,
"ParentPID": 8192138,
"Thread": 47448137,
"EventTime": "2021-09-07T10:03:51.741540-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:03:52.043326-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636324,
"ParentPID": 6684890,
"Thread": 32768169,
"EventTime": "2021-09-07T10:05:00.526333-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:05:00.553116-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636324,
"ParentPID": 6684890,
"Thread": 32768169,
"EventTime": "2021-09-07T10:05:00.526333-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:05:00.553926-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 09:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636324,
"ParentPID": 6684890,
"Thread": 32768169,
"EventTime": "2021-09-07T10:05:00.528300-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:05:00.554723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636324,
"ParentPID": 6684890,
"Thread": 32768169,
"EventTime": "2021-09-07T10:05:00.528300-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:05:00.555455-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636330,
"ParentPID": 6684890,
"Thread": 41549947,
"EventTime": "2021-09-07T10:10:00.533341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:10:00.758528-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636330,
"ParentPID": 6684890,
"Thread": 41549947,
"EventTime": "2021-09-07T10:10:00.533341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:10:00.759278-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 09:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636330,
"ParentPID": 6684890,
"Thread": 41549947,
"EventTime": "2021-09-07T10:10:00.533341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:10:00.760022-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636330,
"ParentPID": 6684890,
"Thread": 41549947,
"EventTime": "2021-09-07T10:10:00.533341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:10:00.760752-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192148,
"ParentPID": 6684890,
"Thread": 47251609,
"EventTime": "2021-09-07T10:15:00.546511-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:15:00.664800-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192148,
"ParentPID": 6684890,
"Thread": 47251609,
"EventTime": "2021-09-07T10:15:00.546511-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:15:00.665621-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 09:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192148,
"ParentPID": 6684890,
"Thread": 47251609,
"EventTime": "2021-09-07T10:15:00.548475-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:15:00.666367-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192148,
"ParentPID": 6684890,
"Thread": 47251609,
"EventTime": "2021-09-07T10:15:00.548475-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:15:00.667095-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223758aUDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223758,
"ParentPID": 5636342,
"Thread": 44368117,
"EventTime": "2021-09-07T10:18:51.865341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:18:51.984761-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636350,
"ParentPID": 8192150,
"Thread": 36503569,
"EventTime": "2021-09-07T10:18:51.885340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:18:51.985596-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223782bADaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223782,
"ParentPID": 5636096,
"Thread": 44367885,
"EventTime": "2021-09-07T10:18:51.975340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:18:51.986348-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748148,
"ParentPID": 6684890,
"Thread": 50135141,
"EventTime": "2021-09-07T10:20:00.556441-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:20:00.751676-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748148,
"ParentPID": 6684890,
"Thread": 50135141,
"EventTime": "2021-09-07T10:20:00.556441-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:20:00.752491-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 09:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748148,
"ParentPID": 6684890,
"Thread": 50135141,
"EventTime": "2021-09-07T10:20:00.556441-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:20:00.753236-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748148,
"ParentPID": 6684890,
"Thread": 50135141,
"EventTime": "2021-09-07T10:20:00.556441-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:20:00.754019-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044212,
"ParentPID": 6684890,
"Thread": 50462755,
"EventTime": "2021-09-07T10:25:00.566137-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:25:00.654276-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044212,
"ParentPID": 6684890,
"Thread": 50462755,
"EventTime": "2021-09-07T10:25:00.566137-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:25:00.655078-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 09:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044212,
"ParentPID": 6684890,
"Thread": 50462755,
"EventTime": "2021-09-07T10:25:00.566137-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:25:00.655826-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044212,
"ParentPID": 6684890,
"Thread": 50462755,
"EventTime": "2021-09-07T10:25:00.566137-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:25:00.656566-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044214,
"ParentPID": 6684890,
"Thread": 30539825,
"EventTime": "2021-09-07T10:30:00.570448-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:30:00.870948-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044214,
"ParentPID": 6684890,
"Thread": 30539825,
"EventTime": "2021-09-07T10:30:00.570448-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:30:00.871869-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 09:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044214,
"ParentPID": 6684890,
"Thread": 30539825,
"EventTime": "2021-09-07T10:30:00.570448-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:30:00.872641-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044214,
"ParentPID": 6684890,
"Thread": 30539825,
"EventTime": "2021-09-07T10:30:00.577784-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:30:00.873441-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T10:33:11.016343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:33:11.089604-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192172XA6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192172,
"ParentPID": 10747904,
"Thread": 36503595,
"EventTime": "2021-09-07T10:33:52.104340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:33:52.267347-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10747912,
"ParentPID": 9044218,
"Thread": 44367905,
"EventTime": "2021-09-07T10:33:52.124340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:33:52.268146-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192196Yq6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192196,
"ParentPID": 10747914,
"Thread": 36503619,
"EventTime": "2021-09-07T10:33:52.221327-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:33:52.268873-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044220,
"ParentPID": 6684890,
"Thread": 48234597,
"EventTime": "2021-09-07T10:35:00.582340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:35:00.783076-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044220,
"ParentPID": 6684890,
"Thread": 48234597,
"EventTime": "2021-09-07T10:35:00.582340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:35:00.783891-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 09:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044220,
"ParentPID": 6684890,
"Thread": 48234597,
"EventTime": "2021-09-07T10:35:00.582340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:35:00.784636-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044220,
"ParentPID": 6684890,
"Thread": 48234597,
"EventTime": "2021-09-07T10:35:00.582340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:35:00.785361-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10747916",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8192198,
"ParentPID": 10747916,
"Thread": 34406551,
"EventTime": "2021-09-07T10:35:00.602340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:35:00.785885-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044222,
"ParentPID": 6684890,
"Thread": 30539847,
"EventTime": "2021-09-07T10:40:00.603238-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:40:00.689172-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044222,
"ParentPID": 6684890,
"Thread": 30539847,
"EventTime": "2021-09-07T10:40:00.603238-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:40:00.689975-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 09:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044222,
"ParentPID": 6684890,
"Thread": 30539847,
"EventTime": "2021-09-07T10:40:00.603238-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:40:00.690733-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044222,
"ParentPID": 6684890,
"Thread": 30539847,
"EventTime": "2021-09-07T10:40:00.610415-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:40:00.691459-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043968,
"ParentPID": 6684890,
"Thread": 49348705,
"EventTime": "2021-09-07T10:45:00.617509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:45:00.895936-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043968,
"ParentPID": 6684890,
"Thread": 49348705,
"EventTime": "2021-09-07T10:45:00.617509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:45:00.896754-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 09:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9043968,
"ParentPID": 6684890,
"Thread": 49348705,
"EventTime": "2021-09-07T10:45:00.617509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:45:00.897513-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9043968,
"ParentPID": 6684890,
"Thread": 49348705,
"EventTime": "2021-09-07T10:45:00.617509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:45:00.898247-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192220Sq6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192220,
"ParentPID": 10747926,
"Thread": 39256141,
"EventTime": "2021-09-07T10:48:52.344342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:48:52.622532-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10747934,
"ParentPID": 9043970,
"Thread": 31719649,
"EventTime": "2021-09-07T10:48:52.367965-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:48:52.623342-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551490SYEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551490,
"ParentPID": 10747936,
"Thread": 46923963,
"EventTime": "2021-09-07T10:48:52.454341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:48:52.624085-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043972,
"ParentPID": 6684890,
"Thread": 42467425,
"EventTime": "2021-09-07T10:50:00.625017-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:50:00.865930-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043972,
"ParentPID": 6684890,
"Thread": 42467425,
"EventTime": "2021-09-07T10:50:00.625017-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:50:00.866692-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 09:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9043972,
"ParentPID": 6684890,
"Thread": 42467425,
"EventTime": "2021-09-07T10:50:00.625017-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:50:00.867443-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9043972,
"ParentPID": 6684890,
"Thread": 42467425,
"EventTime": "2021-09-07T10:50:00.625017-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:50:00.868176-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747940,
"ParentPID": 6684890,
"Thread": 48103481,
"EventTime": "2021-09-07T10:55:00.633224-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:55:00.749088-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747940,
"ParentPID": 6684890,
"Thread": 48103481,
"EventTime": "2021-09-07T10:55:00.633224-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:55:00.749852-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 09:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10747940,
"ParentPID": 6684890,
"Thread": 48103481,
"EventTime": "2021-09-07T10:55:00.633224-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:55:00.750611-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10747940,
"ParentPID": 6684890,
"Thread": 48103481,
"EventTime": "2021-09-07T10:55:00.633224-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T10:55:00.751344-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747942,
"ParentPID": 6684890,
"Thread": 38535297,
"EventTime": "2021-09-07T11:00:00.641341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:00:00.912227-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747942,
"ParentPID": 6684890,
"Thread": 38535297,
"EventTime": "2021-09-07T11:00:00.641341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:00:00.913043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 10:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10747942,
"ParentPID": 6684890,
"Thread": 38535297,
"EventTime": "2021-09-07T11:00:00.641341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:00:00.913794-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10747942,
"ParentPID": 6684890,
"Thread": 38535297,
"EventTime": "2021-09-07T11:00:00.641341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:00:00.914527-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551512MUEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551512,
"ParentPID": 10747954,
"Thread": 38535321,
"EventTime": "2021-09-07T11:03:52.579806-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:03:52.605214-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10747962,
"ParentPID": 9043980,
"Thread": 28770489,
"EventTime": "2021-09-07T11:03:52.594342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:03:52.606019-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551536NEEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551536,
"ParentPID": 10747964,
"Thread": 38535345,
"EventTime": "2021-09-07T11:03:52.694340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:03:52.907271-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043982,
"ParentPID": 6684890,
"Thread": 35651617,
"EventTime": "2021-09-07T11:05:00.655841-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:05:00.823975-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043982,
"ParentPID": 6684890,
"Thread": 35651617,
"EventTime": "2021-09-07T11:05:00.655841-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:05:00.824790-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 10:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9043982,
"ParentPID": 6684890,
"Thread": 35651617,
"EventTime": "2021-09-07T11:05:00.655841-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:05:00.825532-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9043982,
"ParentPID": 6684890,
"Thread": 35651617,
"EventTime": "2021-09-07T11:05:00.655841-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:05:00.826263-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043984,
"ParentPID": 6684890,
"Thread": 46661887,
"EventTime": "2021-09-07T11:10:00.666176-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:10:00.797388-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043984,
"ParentPID": 6684890,
"Thread": 46661887,
"EventTime": "2021-09-07T11:10:00.666176-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:10:00.798211-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 10:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9043984,
"ParentPID": 6684890,
"Thread": 46661887,
"EventTime": "2021-09-07T11:10:00.668262-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:10:00.798958-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9043984,
"ParentPID": 6684890,
"Thread": 46661887,
"EventTime": "2021-09-07T11:10:00.668262-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:10:00.799694-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043986,
"ParentPID": 6684890,
"Thread": 48234641,
"EventTime": "2021-09-07T11:15:00.673578-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:15:00.902217-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043986,
"ParentPID": 6684890,
"Thread": 48234641,
"EventTime": "2021-09-07T11:15:00.673578-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:15:00.903030-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 10:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9043986,
"ParentPID": 6684890,
"Thread": 48234641,
"EventTime": "2021-09-07T11:15:00.673578-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:15:00.903782-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9043986,
"ParentPID": 6684890,
"Thread": 48234641,
"EventTime": "2021-09-07T11:15:00.673578-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:15:00.904538-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551302HAEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551302,
"ParentPID": 10747974,
"Thread": 28246093,
"EventTime": "2021-09-07T11:18:52.818425-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:18:52.892196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10747982,
"ParentPID": 9043988,
"Thread": 30736589,
"EventTime": "2021-09-07T11:18:52.835482-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:18:52.892953-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289338IuDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289338,
"ParentPID": 10747984,
"Thread": 38404271,
"EventTime": "2021-09-07T11:18:52.933340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:18:53.194212-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043990,
"ParentPID": 6684890,
"Thread": 47841525,
"EventTime": "2021-09-07T11:20:00.685905-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:20:00.847158-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043990,
"ParentPID": 6684890,
"Thread": 47841525,
"EventTime": "2021-09-07T11:20:00.685905-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:20:00.847956-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 10:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9043990,
"ParentPID": 6684890,
"Thread": 47841525,
"EventTime": "2021-09-07T11:20:00.685905-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:20:00.848706-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9043990,
"ParentPID": 6684890,
"Thread": 47841525,
"EventTime": "2021-09-07T11:20:00.685905-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:20:00.849436-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371704,
"ParentPID": 5439688,
"Thread": 29556927,
"EventTime": "2021-09-07T11:21:46.397340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:21:46.594559-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9043994.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9043994,
"ParentPID": 9371704,
"Thread": 28967135,
"EventTime": "2021-09-07T11:21:46.427340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:21:46.595299-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9043994",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 5636160,
"ParentPID": 9043994,
"Thread": 42008823,
"EventTime": "2021-09-07T11:21:46.466215-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:21:46.596027-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 5636160,
"ParentPID": 9043994,
"Thread": 42008823,
"EventTime": "2021-09-07T11:21:46.467340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:21:46.596753-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636164aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636164,
"ParentPID": 9043994,
"Thread": 42008827,
"EventTime": "2021-09-07T11:21:46.477340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:21:46.597543-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636164aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636164,
"ParentPID": 9043994,
"Thread": 42008827,
"EventTime": "2021-09-07T11:21:46.477340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:21:46.598312-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm5636164aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 5636164,
"ParentPID": 9043994,
"Thread": 42008827,
"EventTime": "2021-09-07T11:21:46.486222-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:21:46.599017-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9043994/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 5636170,
"ParentPID": 9043994,
"Thread": 42008577,
"EventTime": "2021-09-07T11:21:46.496227-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:21:46.599714-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9043994",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 5636172,
"ParentPID": 9043994,
"Thread": 42008579,
"EventTime": "2021-09-07T11:21:46.497340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:21:46.600411-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9043996,
"ParentPID": 9371704,
"Thread": 28967137,
"EventTime": "2021-09-07T11:21:46.497340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:21:46.601111-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9043996,
"ParentPID": 9371704,
"Thread": 28967137,
"EventTime": "2021-09-07T11:21:46.497340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:21:46.601775-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.05636174",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9437210,
"ParentPID": 5636174,
"Thread": 46792897,
"EventTime": "2021-09-07T11:21:46.517340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:21:46.602253-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sshd",
"PID": 9371704,
"ParentPID": 5439688,
"Thread": 29556927,
"EventTime": "2021-09-07T11:21:46.767341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:21:46.908131-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sshd",
"PID": 9371704,
"ParentPID": 5439688,
"Thread": 29556927,
"EventTime": "2021-09-07T11:21:46.767341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:21:46.908952-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636178,
"ParentPID": 6684890,
"Thread": 42926257,
"EventTime": "2021-09-07T11:25:00.691340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:25:00.804805-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636178,
"ParentPID": 6684890,
"Thread": 42926257,
"EventTime": "2021-09-07T11:25:00.691340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:25:00.805604-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 10:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636178,
"ParentPID": 6684890,
"Thread": 42926257,
"EventTime": "2021-09-07T11:25:00.691340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:25:00.806347-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636178,
"ParentPID": 6684890,
"Thread": 42926257,
"EventTime": "2021-09-07T11:25:00.691340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:25:00.807077-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371708,
"ParentPID": 6684890,
"Thread": 40697931,
"EventTime": "2021-09-07T11:30:00.700341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:30:00.731127-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371708,
"ParentPID": 6684890,
"Thread": 40697931,
"EventTime": "2021-09-07T11:30:00.700341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:30:00.731952-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 10:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371708,
"ParentPID": 6684890,
"Thread": 40697931,
"EventTime": "2021-09-07T11:30:00.700341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:30:00.732708-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371708,
"ParentPID": 6684890,
"Thread": 40697931,
"EventTime": "2021-09-07T11:30:00.700341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:30:00.733450-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T11:33:10.892258-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:33:10.985797-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044020Cq97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044020,
"ParentPID": 5636190,
"Thread": 48169155,
"EventTime": "2021-09-07T11:33:53.054047-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:33:53.066542-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636198,
"ParentPID": 9371712,
"Thread": 23855357,
"EventTime": "2021-09-07T11:33:53.074053-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:33:53.374192-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044044Da97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044044,
"ParentPID": 5636200,
"Thread": 48169179,
"EventTime": "2021-09-07T11:33:53.175272-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:33:53.375001-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371714,
"ParentPID": 6684890,
"Thread": 33161411,
"EventTime": "2021-09-07T11:35:00.710231-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:35:00.973471-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371714,
"ParentPID": 6684890,
"Thread": 33161411,
"EventTime": "2021-09-07T11:35:00.710231-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:35:00.974231-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 10:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371714,
"ParentPID": 6684890,
"Thread": 33161411,
"EventTime": "2021-09-07T11:35:00.710231-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:35:00.974975-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371714,
"ParentPID": 6684890,
"Thread": 33161411,
"EventTime": "2021-09-07T11:35:00.710231-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:35:00.975701-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371716,
"ParentPID": 6684890,
"Thread": 46465265,
"EventTime": "2021-09-07T11:40:00.720340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:40:00.921202-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371716,
"ParentPID": 6684890,
"Thread": 46465265,
"EventTime": "2021-09-07T11:40:00.720340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:40:00.922014-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 10:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371716,
"ParentPID": 6684890,
"Thread": 46465265,
"EventTime": "2021-09-07T11:40:00.720340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:40:00.922763-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371716,
"ParentPID": 6684890,
"Thread": 46465265,
"EventTime": "2021-09-07T11:40:00.720340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:40:00.923502-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371718,
"ParentPID": 6684890,
"Thread": 29098073,
"EventTime": "2021-09-07T11:45:00.729859-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:45:00.869237-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371718,
"ParentPID": 6684890,
"Thread": 29098073,
"EventTime": "2021-09-07T11:45:00.729859-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:45:00.870046-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 10:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371718,
"ParentPID": 6684890,
"Thread": 29098073,
"EventTime": "2021-09-07T11:45:00.729859-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:45:00.870807-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371718,
"ParentPID": 6684890,
"Thread": 29098073,
"EventTime": "2021-09-07T11:45:00.729859-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:45:00.871612-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00092406387Y0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240638,
"ParentPID": 5636210,
"Thread": 45416693,
"EventTime": "2021-09-07T11:48:53.292785-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:48:53.490038-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636218,
"ParentPID": 9371720,
"Thread": 33423611,
"EventTime": "2021-09-07T11:48:53.312790-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:48:53.490835-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00105513468IEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551346,
"ParentPID": 5636220,
"Thread": 35127477,
"EventTime": "2021-09-07T11:48:53.412816-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:48:53.491559-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636222,
"ParentPID": 6684890,
"Thread": 33423365,
"EventTime": "2021-09-07T11:50:00.743885-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:50:00.794787-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636222,
"ParentPID": 6684890,
"Thread": 33423365,
"EventTime": "2021-09-07T11:50:00.743885-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:50:00.795599-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 10:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636222,
"ParentPID": 6684890,
"Thread": 33423365,
"EventTime": "2021-09-07T11:50:00.743885-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:50:00.796343-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636222,
"ParentPID": 6684890,
"Thread": 33423365,
"EventTime": "2021-09-07T11:50:00.746217-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:50:00.797077-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636224,
"ParentPID": 6684890,
"Thread": 44564491,
"EventTime": "2021-09-07T11:55:00.750341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:55:00.960103-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636224,
"ParentPID": 6684890,
"Thread": 44564491,
"EventTime": "2021-09-07T11:55:00.750341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:55:00.960959-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 10:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636224,
"ParentPID": 6684890,
"Thread": 44564491,
"EventTime": "2021-09-07T11:55:00.755255-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:55:00.961770-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636224,
"ParentPID": 6684890,
"Thread": 44564491,
"EventTime": "2021-09-07T11:55:00.755255-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T11:55:00.962508-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371730,
"ParentPID": 6684890,
"Thread": 32178263,
"EventTime": "2021-09-07T12:00:00.762212-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:00:00.821780-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371730,
"ParentPID": 6684890,
"Thread": 32178263,
"EventTime": "2021-09-07T12:00:00.762212-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:00:00.822541-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 11:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371730,
"ParentPID": 6684890,
"Thread": 32178263,
"EventTime": "2021-09-07T12:00:00.762212-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:00:00.823289-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371730,
"ParentPID": 6684890,
"Thread": 32178263,
"EventTime": "2021-09-07T12:00:00.762212-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:00:00.824022-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636230,
"ParentPID": 6684890,
"Thread": 46792921,
"EventTime": "2021-09-07T12:00:00.779340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:00:00.824743-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636230,
"ParentPID": 6684890,
"Thread": 46792921,
"EventTime": "2021-09-07T12:00:00.779340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:00:00.825464-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/bin/errclear -d S,O 30 time = Tue Aug 17 11:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636230,
"ParentPID": 6684890,
"Thread": 46792921,
"EventTime": "2021-09-07T12:00:00.780733-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:00:00.826184-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636230,
"ParentPID": 6684890,
"Thread": 46792921,
"EventTime": "2021-09-07T12:00:00.780733-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:00:00.826895-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00105513682EEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551368,
"ParentPID": 5636242,
"Thread": 28770523,
"EventTime": "2021-09-07T12:03:53.536227-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:03:53.703195-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636250,
"ParentPID": 9371736,
"Thread": 36306977,
"EventTime": "2021-09-07T12:03:53.556865-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:03:53.704013-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00105513923yEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551392,
"ParentPID": 5636252,
"Thread": 28770547,
"EventTime": "2021-09-07T12:03:53.652340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:03:53.704750-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371738,
"ParentPID": 6684890,
"Thread": 42532995,
"EventTime": "2021-09-07T12:05:00.802973-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:05:01.021945-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371738,
"ParentPID": 6684890,
"Thread": 42532995,
"EventTime": "2021-09-07T12:05:00.802973-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:05:01.022763-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 11:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371738,
"ParentPID": 6684890,
"Thread": 42532995,
"EventTime": "2021-09-07T12:05:00.802973-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:05:01.023521-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371738,
"ParentPID": 6684890,
"Thread": 42532995,
"EventTime": "2021-09-07T12:05:00.802973-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:05:01.024267-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371740,
"ParentPID": 6684890,
"Thread": 37552315,
"EventTime": "2021-09-07T12:10:00.811782-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:10:00.932970-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371740,
"ParentPID": 6684890,
"Thread": 37552315,
"EventTime": "2021-09-07T12:10:00.811782-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:10:00.933800-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 11:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371740,
"ParentPID": 6684890,
"Thread": 37552315,
"EventTime": "2021-09-07T12:10:00.811782-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:10:00.934553-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371740,
"ParentPID": 6684890,
"Thread": 37552315,
"EventTime": "2021-09-07T12:10:00.811782-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:10:00.935296-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.05636254",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9437266,
"ParentPID": 5636254,
"Thread": 42467457,
"EventTime": "2021-09-07T12:10:00.831788-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:10:00.935837-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371742,
"ParentPID": 6684890,
"Thread": 33554683,
"EventTime": "2021-09-07T12:15:00.835971-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:15:01.127621-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371742,
"ParentPID": 6684890,
"Thread": 33554683,
"EventTime": "2021-09-07T12:15:00.835971-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:15:01.128444-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 11:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371742,
"ParentPID": 6684890,
"Thread": 33554683,
"EventTime": "2021-09-07T12:15:00.835971-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:15:01.129213-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371742,
"ParentPID": 6684890,
"Thread": 33554683,
"EventTime": "2021-09-07T12:15:00.839340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:15:01.130008-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009437288wuAaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9437288,
"ParentPID": 5636264,
"Thread": 41418919,
"EventTime": "2021-09-07T12:18:53.771340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:18:53.946142-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636272,
"ParentPID": 9371744,
"Thread": 39845905,
"EventTime": "2021-09-07T12:18:53.791340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:18:53.946926-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009437310xaAaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9437310,
"ParentPID": 10223850,
"Thread": 41418941,
"EventTime": "2021-09-07T12:18:53.881340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:18:53.947684-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371746,
"ParentPID": 6684890,
"Thread": 29491325,
"EventTime": "2021-09-07T12:20:00.847119-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:20:00.963229-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371746,
"ParentPID": 6684890,
"Thread": 29491325,
"EventTime": "2021-09-07T12:20:00.847119-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:20:00.964051-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 11:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371746,
"ParentPID": 6684890,
"Thread": 29491325,
"EventTime": "2021-09-07T12:20:00.847119-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:20:00.964818-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371746,
"ParentPID": 6684890,
"Thread": 29491325,
"EventTime": "2021-09-07T12:20:00.849340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:20:00.965573-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371748,
"ParentPID": 6684890,
"Thread": 38207495,
"EventTime": "2021-09-07T12:25:00.851389-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:25:01.148320-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371748,
"ParentPID": 6684890,
"Thread": 38207495,
"EventTime": "2021-09-07T12:25:00.851389-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:25:01.149146-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 11:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371748,
"ParentPID": 6684890,
"Thread": 38207495,
"EventTime": "2021-09-07T12:25:00.859340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:25:01.149954-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371748,
"ParentPID": 6684890,
"Thread": 38207495,
"EventTime": "2021-09-07T12:25:00.859340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:25:01.150755-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371754,
"ParentPID": 6684890,
"Thread": 37552339,
"EventTime": "2021-09-07T12:30:00.861390-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:30:01.049277-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371754,
"ParentPID": 6684890,
"Thread": 37552339,
"EventTime": "2021-09-07T12:30:00.861390-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:30:01.050107-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 11:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371754,
"ParentPID": 6684890,
"Thread": 37552339,
"EventTime": "2021-09-07T12:30:00.868341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:30:01.050885-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371754,
"ParentPID": 6684890,
"Thread": 37552339,
"EventTime": "2021-09-07T12:30:00.868341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:30:01.051647-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T12:33:10.773014-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:33:10.895375-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551428qIEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551428,
"ParentPID": 9044084,
"Thread": 47382767,
"EventTime": "2021-09-07T12:33:53.971339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:33:54.157531-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9044092,
"ParentPID": 9371758,
"Thread": 46333957,
"EventTime": "2021-09-07T12:33:53.981339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:33:54.158037-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551452rmEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551452,
"ParentPID": 9044094,
"Thread": 47382535,
"EventTime": "2021-09-07T12:33:54.041356-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:33:54.158494-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371760,
"ParentPID": 6684890,
"Thread": 29556965,
"EventTime": "2021-09-07T12:35:00.871584-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:35:01.162653-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371760,
"ParentPID": 6684890,
"Thread": 29556965,
"EventTime": "2021-09-07T12:35:00.871584-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:35:01.163169-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 11:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371760,
"ParentPID": 6684890,
"Thread": 29556965,
"EventTime": "2021-09-07T12:35:00.871584-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:35:01.163647-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371760,
"ParentPID": 6684890,
"Thread": 29556965,
"EventTime": "2021-09-07T12:35:00.871584-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:35:01.164114-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371762,
"ParentPID": 6684890,
"Thread": 38011129,
"EventTime": "2021-09-07T12:40:00.878340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:40:00.944362-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371762,
"ParentPID": 6684890,
"Thread": 38011129,
"EventTime": "2021-09-07T12:40:00.878340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:40:00.945140-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 11:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371762,
"ParentPID": 6684890,
"Thread": 38011129,
"EventTime": "2021-09-07T12:40:00.878340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:40:00.945908-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371762,
"ParentPID": 6684890,
"Thread": 38011129,
"EventTime": "2021-09-07T12:40:00.878340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:40:00.946661-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371764,
"ParentPID": 6684890,
"Thread": 50069583,
"EventTime": "2021-09-07T12:45:00.888340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:45:01.123701-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371764,
"ParentPID": 6684890,
"Thread": 50069583,
"EventTime": "2021-09-07T12:45:00.888340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:45:01.124518-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 11:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371764,
"ParentPID": 6684890,
"Thread": 50069583,
"EventTime": "2021-09-07T12:45:00.888340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:45:01.125284-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371764,
"ParentPID": 6684890,
"Thread": 50069583,
"EventTime": "2021-09-07T12:45:00.888340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:45:01.126030-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551474liEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551474,
"ParentPID": 9044104,
"Thread": 30736629,
"EventTime": "2021-09-07T12:48:54.161494-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:48:54.351218-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9044112,
"ParentPID": 9371766,
"Thread": 48431347,
"EventTime": "2021-09-07T12:48:54.172596-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:48:54.352045-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551498lQEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551498,
"ParentPID": 9044114,
"Thread": 30736397,
"EventTime": "2021-09-07T12:48:54.271534-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:48:54.352779-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371768,
"ParentPID": 6684890,
"Thread": 31654113,
"EventTime": "2021-09-07T12:50:00.899678-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:50:01.100759-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371768,
"ParentPID": 6684890,
"Thread": 31654113,
"EventTime": "2021-09-07T12:50:00.899678-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:50:01.101582-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 11:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371768,
"ParentPID": 6684890,
"Thread": 31654113,
"EventTime": "2021-09-07T12:50:00.899678-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:50:01.102340-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371768,
"ParentPID": 6684890,
"Thread": 31654113,
"EventTime": "2021-09-07T12:50:00.899678-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:50:01.103088-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044118,
"ParentPID": 6684890,
"Thread": 44302481,
"EventTime": "2021-09-07T12:55:00.908340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:55:00.971542-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044118,
"ParentPID": 6684890,
"Thread": 44302481,
"EventTime": "2021-09-07T12:55:00.908340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:55:00.972312-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 11:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044118,
"ParentPID": 6684890,
"Thread": 44302481,
"EventTime": "2021-09-07T12:55:00.908340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:55:00.973136-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044118,
"ParentPID": 6684890,
"Thread": 44302481,
"EventTime": "2021-09-07T12:55:00.908340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T12:55:00.973881-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371772,
"ParentPID": 6684890,
"Thread": 38338783,
"EventTime": "2021-09-07T13:00:00.913763-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:00:01.165351-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371772,
"ParentPID": 6684890,
"Thread": 38338783,
"EventTime": "2021-09-07T13:00:00.913763-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:00:01.166118-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 12:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371772,
"ParentPID": 6684890,
"Thread": 38338783,
"EventTime": "2021-09-07T13:00:00.913763-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:00:01.166873-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371772,
"ParentPID": 6684890,
"Thread": 38338783,
"EventTime": "2021-09-07T13:00:00.913763-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:00:01.167624-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044120,
"ParentPID": 6684890,
"Thread": 47448201,
"EventTime": "2021-09-07T13:00:00.926605-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:00:01.168355-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044120,
"ParentPID": 6684890,
"Thread": 47448201,
"EventTime": "2021-09-07T13:00:00.926605-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:00:01.169136-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/bin/errclear -d H 90 time = Tue Aug 17 12:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044120,
"ParentPID": 6684890,
"Thread": 47448201,
"EventTime": "2021-09-07T13:00:00.926605-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:00:01.169866-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044120,
"ParentPID": 6684890,
"Thread": 47448201,
"EventTime": "2021-09-07T13:00:00.926605-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:00:01.170576-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10551500",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9437352,
"ParentPID": 10551500,
"Thread": 47382545,
"EventTime": "2021-09-07T13:00:00.943774-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:00:01.171107-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551522fMEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551522,
"ParentPID": 9044132,
"Thread": 33226917,
"EventTime": "2021-09-07T13:03:54.399395-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:03:54.427967-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9044140,
"ParentPID": 9371778,
"Thread": 29556745,
"EventTime": "2021-09-07T13:03:54.415419-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:03:54.428732-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551546g7Eqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551546,
"ParentPID": 9044142,
"Thread": 33226941,
"EventTime": "2021-09-07T13:03:54.515458-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:03:54.730193-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044144,
"ParentPID": 6684890,
"Thread": 23658559,
"EventTime": "2021-09-07T13:05:00.970424-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:05:01.160935-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044144,
"ParentPID": 6684890,
"Thread": 23658559,
"EventTime": "2021-09-07T13:05:00.970424-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:05:01.161766-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 12:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044144,
"ParentPID": 6684890,
"Thread": 23658559,
"EventTime": "2021-09-07T13:05:00.970424-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:05:01.162534-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044144,
"ParentPID": 6684890,
"Thread": 23658559,
"EventTime": "2021-09-07T13:05:00.970424-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:05:01.163282-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044146,
"ParentPID": 6684890,
"Thread": 40960161,
"EventTime": "2021-09-07T13:10:00.977340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:10:01.024880-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044146,
"ParentPID": 6684890,
"Thread": 40960161,
"EventTime": "2021-09-07T13:10:00.977340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:10:01.025657-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 12:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044146,
"ParentPID": 6684890,
"Thread": 40960161,
"EventTime": "2021-09-07T13:10:00.977340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:10:01.026422-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044146,
"ParentPID": 6684890,
"Thread": 40960161,
"EventTime": "2021-09-07T13:10:00.977340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:10:01.027163-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044148,
"ParentPID": 6684890,
"Thread": 29556773,
"EventTime": "2021-09-07T13:15:00.988259-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:15:01.249810-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044148,
"ParentPID": 6684890,
"Thread": 29556773,
"EventTime": "2021-09-07T13:15:00.988259-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:15:01.250633-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 12:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044148,
"ParentPID": 6684890,
"Thread": 29556773,
"EventTime": "2021-09-07T13:15:00.988259-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:15:01.251395-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044148,
"ParentPID": 6684890,
"Thread": 29556773,
"EventTime": "2021-09-07T13:15:00.988259-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:15:01.252141-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240728a70qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240728,
"ParentPID": 10551300,
"Thread": 44433503,
"EventTime": "2021-09-07T13:18:54.640364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:18:54.733056-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551308,
"ParentPID": 9044150,
"Thread": 46006383,
"EventTime": "2021-09-07T13:18:54.660373-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:18:54.733883-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289396biDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289396,
"ParentPID": 5636276,
"Thread": 38404321,
"EventTime": "2021-09-07T13:18:54.748341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:18:55.034837-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289398,
"ParentPID": 6684890,
"Thread": 38404329,
"EventTime": "2021-09-07T13:20:00.995349-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:20:01.170172-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289398,
"ParentPID": 6684890,
"Thread": 38404329,
"EventTime": "2021-09-07T13:20:00.995349-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:20:01.170943-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 12:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289398,
"ParentPID": 6684890,
"Thread": 38404329,
"EventTime": "2021-09-07T13:20:00.995349-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:20:01.171697-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289398,
"ParentPID": 6684890,
"Thread": 38404329,
"EventTime": "2021-09-07T13:20:00.995349-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:20:01.172442-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289400,
"ParentPID": 6684890,
"Thread": 40697995,
"EventTime": "2021-09-07T13:25:00.004950-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:25:00.256114-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289400,
"ParentPID": 6684890,
"Thread": 40697995,
"EventTime": "2021-09-07T13:25:00.004950-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:25:00.256947-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 12:24:59 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289400,
"ParentPID": 6684890,
"Thread": 40697995,
"EventTime": "2021-09-07T13:25:00.004950-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:25:00.257713-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289400,
"ParentPID": 6684890,
"Thread": 40697995,
"EventTime": "2021-09-07T13:25:00.004950-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:25:00.258555-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289402,
"ParentPID": 6684890,
"Thread": 14483683,
"EventTime": "2021-09-07T13:30:00.014340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:30:00.193893-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289402,
"ParentPID": 6684890,
"Thread": 14483683,
"EventTime": "2021-09-07T13:30:00.014340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:30:00.194717-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 12:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289402,
"ParentPID": 6684890,
"Thread": 14483683,
"EventTime": "2021-09-07T13:30:00.018081-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:30:00.195540-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289402,
"ParentPID": 6684890,
"Thread": 14483683,
"EventTime": "2021-09-07T13:30:00.018081-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:30:00.196315-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T13:33:10.640970-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:33:10.703174-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485824XiEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485824,
"ParentPID": 11010112,
"Thread": 46596231,
"EventTime": "2021-09-07T13:33:54.866340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:33:54.895777-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11010120,
"ParentPID": 10289154,
"Thread": 30539903,
"EventTime": "2021-09-07T13:33:54.888652-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:33:54.896577-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485848XUEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485848,
"ParentPID": 11010122,
"Thread": 46596255,
"EventTime": "2021-09-07T13:33:54.986340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:33:55.203546-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289156,
"ParentPID": 6684890,
"Thread": 22741071,
"EventTime": "2021-09-07T13:35:00.025799-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:35:00.108971-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289156,
"ParentPID": 6684890,
"Thread": 22741071,
"EventTime": "2021-09-07T13:35:00.025799-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:35:00.109793-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 12:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289156,
"ParentPID": 6684890,
"Thread": 22741071,
"EventTime": "2021-09-07T13:35:00.025799-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:35:00.110558-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289156,
"ParentPID": 6684890,
"Thread": 22741071,
"EventTime": "2021-09-07T13:35:00.025799-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:35:00.111305-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010128,
"ParentPID": 6684890,
"Thread": 46465045,
"EventTime": "2021-09-07T13:40:00.034915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:40:00.055197-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010128,
"ParentPID": 6684890,
"Thread": 46465045,
"EventTime": "2021-09-07T13:40:00.034915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:40:00.056029-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 12:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010128,
"ParentPID": 6684890,
"Thread": 46465045,
"EventTime": "2021-09-07T13:40:00.034915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:40:00.056795-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010128,
"ParentPID": 6684890,
"Thread": 46465045,
"EventTime": "2021-09-07T13:40:00.034915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:40:00.057544-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289164,
"ParentPID": 6684890,
"Thread": 39059493,
"EventTime": "2021-09-07T13:45:00.049046-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:45:00.267922-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289164,
"ParentPID": 6684890,
"Thread": 39059493,
"EventTime": "2021-09-07T13:45:00.049046-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:45:00.268701-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 12:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289164,
"ParentPID": 6684890,
"Thread": 39059493,
"EventTime": "2021-09-07T13:45:00.049046-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:45:00.269466-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289164,
"ParentPID": 6684890,
"Thread": 39059493,
"EventTime": "2021-09-07T13:45:00.054340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:45:00.270216-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485870RQEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485870,
"ParentPID": 11010140,
"Thread": 50528385,
"EventTime": "2021-09-07T13:48:55.106962-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:48:55.199178-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11010148,
"ParentPID": 10289166,
"Thread": 20906125,
"EventTime": "2021-09-07T13:48:55.126969-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:48:55.200009-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485894SAEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485894,
"ParentPID": 11010150,
"Thread": 50528409,
"EventTime": "2021-09-07T13:48:55.227034-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:48:55.500986-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192026,
"ParentPID": 6684890,
"Thread": 33161227,
"EventTime": "2021-09-07T13:50:00.057025-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:50:00.109354-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192026,
"ParentPID": 6684890,
"Thread": 33161227,
"EventTime": "2021-09-07T13:50:00.057025-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:50:00.110116-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 12:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192026,
"ParentPID": 6684890,
"Thread": 33161227,
"EventTime": "2021-09-07T13:50:00.057025-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:50:00.110867-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192026,
"ParentPID": 6684890,
"Thread": 33161227,
"EventTime": "2021-09-07T13:50:00.064340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:50:00.111605-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09437406",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10289168,
"ParentPID": 9437406,
"Thread": 45416493,
"EventTime": "2021-09-07T13:50:00.077031-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:50:00.112145-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192028,
"ParentPID": 6684890,
"Thread": 50069627,
"EventTime": "2021-09-07T13:55:00.084879-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:55:00.306329-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192028,
"ParentPID": 6684890,
"Thread": 50069627,
"EventTime": "2021-09-07T13:55:00.084879-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:55:00.307111-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 12:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192028,
"ParentPID": 6684890,
"Thread": 50069627,
"EventTime": "2021-09-07T13:55:00.084879-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:55:00.307870-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192028,
"ParentPID": 6684890,
"Thread": 50069627,
"EventTime": "2021-09-07T13:55:00.084879-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T13:55:00.308624-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437410,
"ParentPID": 6684890,
"Thread": 33751207,
"EventTime": "2021-09-07T14:00:00.091815-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:00:00.115335-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437410,
"ParentPID": 6684890,
"Thread": 33751207,
"EventTime": "2021-09-07T14:00:00.091815-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:00:00.115851-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 13:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9437410,
"ParentPID": 6684890,
"Thread": 33751207,
"EventTime": "2021-09-07T14:00:00.091815-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:00:00.116329-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9437410,
"ParentPID": 6684890,
"Thread": 33751207,
"EventTime": "2021-09-07T14:00:00.091815-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:00:00.116793-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289190MqDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289190,
"ParentPID": 9437422,
"Thread": 42598485,
"EventTime": "2021-09-07T14:03:55.307571-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:03:55.609361-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9437430,
"ParentPID": 8192036,
"Thread": 28049411,
"EventTime": "2021-09-07T14:03:55.316339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:03:55.609875-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289214MIDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289214,
"ParentPID": 9437432,
"Thread": 42598509,
"EventTime": "2021-09-07T14:03:55.376339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:03:55.610336-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289216,
"ParentPID": 6684890,
"Thread": 36896775,
"EventTime": "2021-09-07T14:05:00.094339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:05:00.178679-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289216,
"ParentPID": 6684890,
"Thread": 36896775,
"EventTime": "2021-09-07T14:05:00.094339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:05:00.179199-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 13:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289216,
"ParentPID": 6684890,
"Thread": 36896775,
"EventTime": "2021-09-07T14:05:00.094339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:05:00.179676-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289216,
"ParentPID": 6684890,
"Thread": 36896775,
"EventTime": "2021-09-07T14:05:00.094339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:05:00.180144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289218,
"ParentPID": 5439688,
"Thread": 36896777,
"EventTime": "2021-09-07T14:05:52.134049-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:05:52.165043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289220,
"ParentPID": 5439688,
"Thread": 36896779,
"EventTime": "2021-09-07T14:05:53.197014-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:05:53.369900-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289222,
"ParentPID": 5439688,
"Thread": 36896781,
"EventTime": "2021-09-07T14:05:53.469014-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:05:53.673190-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289224,
"ParentPID": 5439688,
"Thread": 36896783,
"EventTime": "2021-09-07T14:05:53.598822-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:05:53.674014-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289226,
"ParentPID": 5439688,
"Thread": 36896785,
"EventTime": "2021-09-07T14:05:53.869123-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:05:53.979904-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289228,
"ParentPID": 5439688,
"Thread": 36896787,
"EventTime": "2021-09-07T14:05:54.139512-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:05:54.283176-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289230,
"ParentPID": 5439688,
"Thread": 36896789,
"EventTime": "2021-09-07T14:05:54.410231-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:05:54.591529-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289232,
"ParentPID": 5439688,
"Thread": 36896791,
"EventTime": "2021-09-07T14:05:54.670906-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:05:54.893170-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289234,
"ParentPID": 5439688,
"Thread": 36896793,
"EventTime": "2021-09-07T14:05:54.932340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:05:55.197841-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289236,
"ParentPID": 5439688,
"Thread": 36896795,
"EventTime": "2021-09-07T14:05:55.197044-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:05:55.503236-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289238,
"ParentPID": 6684890,
"Thread": 39059517,
"EventTime": "2021-09-07T14:10:00.099359-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:10:00.348933-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289238,
"ParentPID": 6684890,
"Thread": 39059517,
"EventTime": "2021-09-07T14:10:00.099359-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:10:00.349752-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 13:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289238,
"ParentPID": 6684890,
"Thread": 39059517,
"EventTime": "2021-09-07T14:10:00.099359-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:10:00.350512-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289238,
"ParentPID": 6684890,
"Thread": 39059517,
"EventTime": "2021-09-07T14:10:00.099359-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:10:00.351263-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485910,
"ParentPID": 6684890,
"Thread": 42598535,
"EventTime": "2021-09-07T14:15:00.111751-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:15:00.209630-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485910,
"ParentPID": 6684890,
"Thread": 42598535,
"EventTime": "2021-09-07T14:15:00.111751-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:15:00.210489-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 13:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485910,
"ParentPID": 6684890,
"Thread": 42598535,
"EventTime": "2021-09-07T14:15:00.111751-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:15:00.211262-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485910,
"ParentPID": 6684890,
"Thread": 42598535,
"EventTime": "2021-09-07T14:15:00.113145-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:15:00.212028-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010188GEGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010188,
"ParentPID": 10289250,
"Thread": 37224657,
"EventTime": "2021-09-07T14:18:55.500455-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:18:55.548562-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10289258,
"ParentPID": 10485912,
"Thread": 39780439,
"EventTime": "2021-09-07T14:18:55.517340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:18:55.549325-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010212HuGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010212,
"ParentPID": 10289260,
"Thread": 37224681,
"EventTime": "2021-09-07T14:18:55.617371-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:18:55.854509-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485914,
"ParentPID": 6684890,
"Thread": 42008617,
"EventTime": "2021-09-07T14:20:00.115340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:20:00.184712-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485914,
"ParentPID": 6684890,
"Thread": 42008617,
"EventTime": "2021-09-07T14:20:00.115340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:20:00.185552-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 13:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485914,
"ParentPID": 6684890,
"Thread": 42008617,
"EventTime": "2021-09-07T14:20:00.115340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:20:00.186328-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485914,
"ParentPID": 6684890,
"Thread": 42008617,
"EventTime": "2021-09-07T14:20:00.123665-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:20:00.187128-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485916,
"ParentPID": 6684890,
"Thread": 45154549,
"EventTime": "2021-09-07T14:25:00.127500-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:25:00.262175-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485916,
"ParentPID": 6684890,
"Thread": 45154549,
"EventTime": "2021-09-07T14:25:00.127500-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:25:00.262946-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 13:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485916,
"ParentPID": 6684890,
"Thread": 45154549,
"EventTime": "2021-09-07T14:25:00.127500-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:25:00.263705-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485916,
"ParentPID": 6684890,
"Thread": 45154549,
"EventTime": "2021-09-07T14:25:00.134296-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:25:00.264446-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485918,
"ParentPID": 6684890,
"Thread": 43647191,
"EventTime": "2021-09-07T14:30:00.139273-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:30:00.225518-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485918,
"ParentPID": 6684890,
"Thread": 43647191,
"EventTime": "2021-09-07T14:30:00.139273-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:30:00.226417-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 13:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485918,
"ParentPID": 6684890,
"Thread": 43647191,
"EventTime": "2021-09-07T14:30:00.139273-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:30:00.227190-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485918,
"ParentPID": 6684890,
"Thread": 43647191,
"EventTime": "2021-09-07T14:30:00.139273-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:30:00.227944-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485920,
"ParentPID": 5439688,
"Thread": 42598561,
"EventTime": "2021-09-07T14:31:29.997135-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.054272-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10289262.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10289262,
"ParentPID": 10485920,
"Thread": 37421141,
"EventTime": "2021-09-07T14:31:30.127493-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.358786-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10289262",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11010228,
"ParentPID": 10289262,
"Thread": 35127529,
"EventTime": "2021-09-07T14:31:30.158609-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.359603-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11010228,
"ParentPID": 10289262,
"Thread": 35127529,
"EventTime": "2021-09-07T14:31:30.167505-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.360356-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010232aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010232,
"ParentPID": 10289262,
"Thread": 35127533,
"EventTime": "2021-09-07T14:31:30.177508-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.361102-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010232aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010232,
"ParentPID": 10289262,
"Thread": 35127533,
"EventTime": "2021-09-07T14:31:30.177508-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.361825-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010232aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010232,
"ParentPID": 10289262,
"Thread": 35127533,
"EventTime": "2021-09-07T14:31:30.182340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.362594-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10289262/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11468820,
"ParentPID": 10289262,
"Thread": 31916063,
"EventTime": "2021-09-07T14:31:30.202340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.363326-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10223674",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11010234,
"ParentPID": 10223674,
"Thread": 35127535,
"EventTime": "2021-09-07T14:31:30.204870-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.363913-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10289262",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11468822,
"ParentPID": 10289262,
"Thread": 31916065,
"EventTime": "2021-09-07T14:31:30.204870-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.364639-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10223676,
"ParentPID": 10485920,
"Thread": 34406597,
"EventTime": "2021-09-07T14:31:30.207966-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.365355-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223676,
"ParentPID": 10485920,
"Thread": 34406597,
"EventTime": "2021-09-07T14:31:30.207966-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.366059-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485922,
"ParentPID": 5439688,
"Thread": 42598563,
"EventTime": "2021-09-07T14:31:30.582340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.669600-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10223678.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10223678,
"ParentPID": 10485922,
"Thread": 34406599,
"EventTime": "2021-09-07T14:31:30.712568-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.973202-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10223678",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10289278,
"ParentPID": 10223678,
"Thread": 37421157,
"EventTime": "2021-09-07T14:31:30.742340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.974039-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10289278,
"ParentPID": 10223678,
"Thread": 37421157,
"EventTime": "2021-09-07T14:31:30.754124-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.974795-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289282aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289282,
"ParentPID": 10223678,
"Thread": 37421161,
"EventTime": "2021-09-07T14:31:30.762582-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.975543-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289282aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289282,
"ParentPID": 10223678,
"Thread": 37421161,
"EventTime": "2021-09-07T14:31:30.762582-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.976270-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289282aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289282,
"ParentPID": 10223678,
"Thread": 37421161,
"EventTime": "2021-09-07T14:31:30.762582-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.977002-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10223678/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10289288,
"ParentPID": 10223678,
"Thread": 37421167,
"EventTime": "2021-09-07T14:31:30.772342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.977721-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10223678",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10289290,
"ParentPID": 10223678,
"Thread": 37421169,
"EventTime": "2021-09-07T14:31:30.778895-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.978427-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10223680,
"ParentPID": 10485922,
"Thread": 34406601,
"EventTime": "2021-09-07T14:31:30.782340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.979138-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223680,
"ParentPID": 10485922,
"Thread": 34406601,
"EventTime": "2021-09-07T14:31:30.782340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:30.979854-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485924,
"ParentPID": 5439688,
"Thread": 42598565,
"EventTime": "2021-09-07T14:31:31.782340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:31.882919-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10223682.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10223682,
"ParentPID": 10485924,
"Thread": 34406603,
"EventTime": "2021-09-07T14:31:31.912740-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:32.193233-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10223682",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10289306,
"ParentPID": 10223682,
"Thread": 37421185,
"EventTime": "2021-09-07T14:31:31.942340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:32.194061-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10289306,
"ParentPID": 10223682,
"Thread": 37421185,
"EventTime": "2021-09-07T14:31:31.952373-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:32.194816-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289310aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289310,
"ParentPID": 10223682,
"Thread": 37421189,
"EventTime": "2021-09-07T14:31:31.952373-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:32.195565-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289310aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289310,
"ParentPID": 10223682,
"Thread": 37421189,
"EventTime": "2021-09-07T14:31:31.962340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:32.196295-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289310aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289310,
"ParentPID": 10223682,
"Thread": 37421189,
"EventTime": "2021-09-07T14:31:31.962340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:32.197029-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10223682/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10289312,
"ParentPID": 10223682,
"Thread": 37421191,
"EventTime": "2021-09-07T14:31:31.972341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:32.197751-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10223682",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10289314,
"ParentPID": 10223682,
"Thread": 37421193,
"EventTime": "2021-09-07T14:31:31.972341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:32.198462-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10223684,
"ParentPID": 10485924,
"Thread": 34406605,
"EventTime": "2021-09-07T14:31:31.972341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:32.199174-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223684,
"ParentPID": 10485924,
"Thread": 34406605,
"EventTime": "2021-09-07T14:31:31.972341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:32.199889-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485926,
"ParentPID": 5439688,
"Thread": 42598567,
"EventTime": "2021-09-07T14:31:43.552977-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:43.620379-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485928,
"ParentPID": 5439688,
"Thread": 42598569,
"EventTime": "2021-09-07T14:31:44.936764-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:45.128187-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485930,
"ParentPID": 5439688,
"Thread": 42598571,
"EventTime": "2021-09-07T14:31:46.320584-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:46.333599-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485932,
"ParentPID": 5439688,
"Thread": 42598573,
"EventTime": "2021-09-07T14:31:47.701340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:47.846696-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10223686.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10223686,
"ParentPID": 10485932,
"Thread": 34406607,
"EventTime": "2021-09-07T14:31:47.833779-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:47.847469-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10223686",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10289330,
"ParentPID": 10223686,
"Thread": 37421209,
"EventTime": "2021-09-07T14:31:47.864829-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:48.152145-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10289330,
"ParentPID": 10223686,
"Thread": 37421209,
"EventTime": "2021-09-07T14:31:47.874846-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:48.152899-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289334aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289334,
"ParentPID": 10223686,
"Thread": 37421213,
"EventTime": "2021-09-07T14:31:47.881341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:48.153574-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289334aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289334,
"ParentPID": 10223686,
"Thread": 37421213,
"EventTime": "2021-09-07T14:31:47.884849-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:48.154236-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289334aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289334,
"ParentPID": 10223686,
"Thread": 37421213,
"EventTime": "2021-09-07T14:31:47.884849-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:48.154897-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10223686/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10289336,
"ParentPID": 10223686,
"Thread": 37421215,
"EventTime": "2021-09-07T14:31:47.894852-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:48.155556-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10223686",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10289338,
"ParentPID": 10223686,
"Thread": 37421217,
"EventTime": "2021-09-07T14:31:47.894852-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:48.156204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10223688,
"ParentPID": 10485932,
"Thread": 34406609,
"EventTime": "2021-09-07T14:31:47.901343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:48.156850-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223688,
"ParentPID": 10485932,
"Thread": 34406609,
"EventTime": "2021-09-07T14:31:47.901343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:48.157499-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485934,
"ParentPID": 5439688,
"Thread": 42598575,
"EventTime": "2021-09-07T14:31:49.161340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:49.369488-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10223690.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10223690,
"ParentPID": 10485934,
"Thread": 34406611,
"EventTime": "2021-09-07T14:31:49.291340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:49.370171-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10223690",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10289354,
"ParentPID": 10223690,
"Thread": 37421233,
"EventTime": "2021-09-07T14:31:49.324218-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:49.370834-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10289354,
"ParentPID": 10223690,
"Thread": 37421233,
"EventTime": "2021-09-07T14:31:49.334908-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:49.371519-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289358aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289358,
"ParentPID": 10223690,
"Thread": 37421237,
"EventTime": "2021-09-07T14:31:49.341340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:49.372182-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289358aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289358,
"ParentPID": 10223690,
"Thread": 37421237,
"EventTime": "2021-09-07T14:31:49.341340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:49.372877-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289358aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289358,
"ParentPID": 10223690,
"Thread": 37421237,
"EventTime": "2021-09-07T14:31:49.341340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:49.373535-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10223690/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10289364,
"ParentPID": 10223690,
"Thread": 37421243,
"EventTime": "2021-09-07T14:31:49.351340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:49.374188-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10223690",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10289366,
"ParentPID": 10223690,
"Thread": 37421245,
"EventTime": "2021-09-07T14:31:49.358689-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:49.374890-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10223692,
"ParentPID": 10485934,
"Thread": 34406613,
"EventTime": "2021-09-07T14:31:49.361552-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:49.375614-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223692,
"ParentPID": 10485934,
"Thread": 34406613,
"EventTime": "2021-09-07T14:31:49.361552-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:49.376328-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485936,
"ParentPID": 5439688,
"Thread": 42598577,
"EventTime": "2021-09-07T14:31:50.625547-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:31:50.883581-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T14:33:10.522600-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:33:10.824355-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289388BuDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289388,
"ParentPID": 10485950,
"Thread": 35127315,
"EventTime": "2021-09-07T14:33:55.739965-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:33:55.908170-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485958,
"ParentPID": 10223696,
"Thread": 31916137,
"EventTime": "2021-09-07T14:33:55.757340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:33:55.908909-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289156CaDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289156,
"ParentPID": 10485960,
"Thread": 35127339,
"EventTime": "2021-09-07T14:33:55.850017-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:33:55.909575-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223698,
"ParentPID": 6684890,
"Thread": 42598587,
"EventTime": "2021-09-07T14:35:00.150351-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:35:00.246445-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223698,
"ParentPID": 6684890,
"Thread": 42598587,
"EventTime": "2021-09-07T14:35:00.150351-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:35:00.247208-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 13:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223698,
"ParentPID": 6684890,
"Thread": 42598587,
"EventTime": "2021-09-07T14:35:00.150351-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:35:00.247891-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223698,
"ParentPID": 6684890,
"Thread": 42598587,
"EventTime": "2021-09-07T14:35:00.150351-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:35:00.248558-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223700,
"ParentPID": 6684890,
"Thread": 47251697,
"EventTime": "2021-09-07T14:40:00.158720-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:40:00.440075-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223700,
"ParentPID": 6684890,
"Thread": 47251697,
"EventTime": "2021-09-07T14:40:00.158720-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:40:00.440880-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 13:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223700,
"ParentPID": 6684890,
"Thread": 47251697,
"EventTime": "2021-09-07T14:40:00.158720-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:40:00.441620-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223700,
"ParentPID": 6684890,
"Thread": 47251697,
"EventTime": "2021-09-07T14:40:00.158720-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:40:00.442344-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10223702",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10485962,
"ParentPID": 10223702,
"Thread": 46268423,
"EventTime": "2021-09-07T14:40:00.178731-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:40:00.442892-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223704,
"ParentPID": 5439688,
"Thread": 47251707,
"EventTime": "2021-09-07T14:42:31.354392-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:42:31.608024-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223706,
"ParentPID": 6684890,
"Thread": 37421275,
"EventTime": "2021-09-07T14:45:00.169050-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:45:00.350602-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223706,
"ParentPID": 6684890,
"Thread": 37421275,
"EventTime": "2021-09-07T14:45:00.169050-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:45:00.351365-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 13:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223706,
"ParentPID": 6684890,
"Thread": 37421275,
"EventTime": "2021-09-07T14:45:00.175444-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:45:00.352111-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223706,
"ParentPID": 6684890,
"Thread": 37421275,
"EventTime": "2021-09-07T14:45:00.175444-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:45:00.352833-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00102891787aDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289178,
"ParentPID": 10485972,
"Thread": 38928587,
"EventTime": "2021-09-07T14:48:55.976341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:48:56.268593-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485980,
"ParentPID": 10223708,
"Thread": 37748927,
"EventTime": "2021-09-07T14:48:55.996424-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:48:56.269399-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00102892027IDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289202,
"ParentPID": 10485982,
"Thread": 38928611,
"EventTime": "2021-09-07T14:48:56.092694-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:48:56.270129-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192040,
"ParentPID": 6684890,
"Thread": 28049431,
"EventTime": "2021-09-07T14:50:00.180908-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:50:00.275126-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192040,
"ParentPID": 6684890,
"Thread": 28049431,
"EventTime": "2021-09-07T14:50:00.180908-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:50:00.275934-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 13:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192040,
"ParentPID": 6684890,
"Thread": 28049431,
"EventTime": "2021-09-07T14:50:00.180908-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:50:00.276685-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192040,
"ParentPID": 6684890,
"Thread": 28049431,
"EventTime": "2021-09-07T14:50:00.180908-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:50:00.277422-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192042,
"ParentPID": 6684890,
"Thread": 23658607,
"EventTime": "2021-09-07T14:55:00.194340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:55:00.490136-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192042,
"ParentPID": 6684890,
"Thread": 23658607,
"EventTime": "2021-09-07T14:55:00.194340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:55:00.490902-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 13:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192042,
"ParentPID": 6684890,
"Thread": 23658607,
"EventTime": "2021-09-07T14:55:00.194340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:55:00.491651-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192042,
"ParentPID": 6684890,
"Thread": 23658607,
"EventTime": "2021-09-07T14:55:00.194340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T14:55:00.492386-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192048,
"ParentPID": 6684890,
"Thread": 32964613,
"EventTime": "2021-09-07T15:00:00.199204-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:00:00.392020-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192048,
"ParentPID": 6684890,
"Thread": 32964613,
"EventTime": "2021-09-07T15:00:00.199204-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:00:00.392785-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 14:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192048,
"ParentPID": 6684890,
"Thread": 32964613,
"EventTime": "2021-09-07T15:00:00.204340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:00:00.393535-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192048,
"ParentPID": 6684890,
"Thread": 32964613,
"EventTime": "2021-09-07T15:00:00.204340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:00:00.394273-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00110102981yGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010298,
"ParentPID": 11468924,
"Thread": 34930737,
"EventTime": "2021-09-07T15:03:56.176339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:03:56.223635-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468932,
"ParentPID": 8192056,
"Thread": 43712535,
"EventTime": "2021-09-07T15:03:56.186339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:03:56.224105-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00110100661UGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010066,
"ParentPID": 11468934,
"Thread": 34930761,
"EventTime": "2021-09-07T15:03:56.246339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:03:56.525209-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485998,
"ParentPID": 6684890,
"Thread": 31522975,
"EventTime": "2021-09-07T15:05:00.203339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:05:00.213247-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485998,
"ParentPID": 6684890,
"Thread": 31522975,
"EventTime": "2021-09-07T15:05:00.203339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:05:00.213742-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 14:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485998,
"ParentPID": 6684890,
"Thread": 31522975,
"EventTime": "2021-09-07T15:05:00.203339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:05:00.214206-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485998,
"ParentPID": 6684890,
"Thread": 31522975,
"EventTime": "2021-09-07T15:05:00.203339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:05:00.214695-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486000,
"ParentPID": 6684890,
"Thread": 34799635,
"EventTime": "2021-09-07T15:10:00.217111-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:10:00.303308-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486000,
"ParentPID": 6684890,
"Thread": 34799635,
"EventTime": "2021-09-07T15:10:00.217111-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:10:00.304133-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 14:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10486000,
"ParentPID": 6684890,
"Thread": 34799635,
"EventTime": "2021-09-07T15:10:00.217111-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:10:00.305012-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10486000,
"ParentPID": 6684890,
"Thread": 34799635,
"EventTime": "2021-09-07T15:10:00.217111-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:10:00.305760-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.mcptbl.11206744 topath: /var/ct/cfg/ctrmc.mcptbl",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T15:10:19.517370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:10:19.542281-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005111982Syt7am",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T15:10:19.520288-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:10:19.543108-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011206744SyGMam",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26345509,
"EventTime": "2021-09-07T15:10:19.520288-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:10:19.544270-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.mcptbl.11206744",
"Status": 1,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26345509,
"EventTime": "2021-09-07T15:10:19.520288-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:10:19.545010-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 10486002,
"ParentPID": 11206744,
"Thread": 34799637,
"EventTime": "2021-09-07T15:10:19.543340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:10:19.851984-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 10486002,
"ParentPID": 11206744,
"Thread": 34799637,
"EventTime": "2021-09-07T15:10:19.543340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:10:19.852794-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.10486002 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 10486002,
"ParentPID": 11206744,
"Thread": 34799637,
"EventTime": "2021-09-07T15:10:19.543340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:10:19.853573-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005111982SAt7an",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T15:10:19.543340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:10:19.854321-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011206744SAGMan",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26345509,
"EventTime": "2021-09-07T15:10:19.543340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:10:19.855096-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486004,
"ParentPID": 6684890,
"Thread": 39190707,
"EventTime": "2021-09-07T15:15:00.228292-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:15:00.479334-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486004,
"ParentPID": 6684890,
"Thread": 39190707,
"EventTime": "2021-09-07T15:15:00.228292-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:15:00.480147-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 14:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10486004,
"ParentPID": 6684890,
"Thread": 39190707,
"EventTime": "2021-09-07T15:15:00.228292-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:15:00.480893-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10486004,
"ParentPID": 6684890,
"Thread": 39190707,
"EventTime": "2021-09-07T15:15:00.229580-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:15:00.481620-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192078uQ6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192078,
"ParentPID": 9240808,
"Thread": 42008671,
"EventTime": "2021-09-07T15:18:56.366782-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:18:56.658238-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240816,
"ParentPID": 10486006,
"Thread": 37552375,
"EventTime": "2021-09-07T15:18:56.385340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:18:56.658994-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192102v76qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192102,
"ParentPID": 9240818,
"Thread": 42008695,
"EventTime": "2021-09-07T15:18:56.476819-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:18:56.659725-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486008,
"ParentPID": 6684890,
"Thread": 34799661,
"EventTime": "2021-09-07T15:20:00.233340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:20:00.363623-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486008,
"ParentPID": 6684890,
"Thread": 34799661,
"EventTime": "2021-09-07T15:20:00.233340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:20:00.364438-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 14:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10486008,
"ParentPID": 6684890,
"Thread": 34799661,
"EventTime": "2021-09-07T15:20:00.233340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:20:00.365186-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10486008,
"ParentPID": 6684890,
"Thread": 34799661,
"EventTime": "2021-09-07T15:20:00.233340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:20:00.365911-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09240820",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8192104,
"ParentPID": 9240820,
"Thread": 31195297,
"EventTime": "2021-09-07T15:20:00.253341-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:20:00.366446-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ct_has.thl.pend topath: /var/ct/cfg/ct_has.thl",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T15:23:26.529036-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:23:26.820410-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ct_has.thl.pend",
"Status": 1,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T15:23:26.529036-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:23:26.821224-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 10486010,
"ParentPID": 11206744,
"Thread": 37224703,
"EventTime": "2021-09-07T15:23:26.548837-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:23:26.821959-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 10486010,
"ParentPID": 11206744,
"Thread": 37224703,
"EventTime": "2021-09-07T15:23:26.548837-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:23:26.822686-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.10486010 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 10486010,
"ParentPID": 11206744,
"Thread": 37224703,
"EventTime": "2021-09-07T15:23:26.548837-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:23:26.823435-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.mcptbl.11206744 topath: /var/ct/cfg/ctrmc.mcptbl",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T15:23:26.556389-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:23:26.824172-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005111982JAt7ao",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T15:23:26.556389-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:23:26.824887-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011206744J7GMao",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T15:23:26.558841-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:23:26.825610-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.mcptbl.11206744",
"Status": 1,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T15:23:26.558841-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:23:26.826293-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 10486012,
"ParentPID": 11206744,
"Thread": 37224449,
"EventTime": "2021-09-07T15:23:26.579093-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:23:26.827067-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 10486012,
"ParentPID": 11206744,
"Thread": 37224449,
"EventTime": "2021-09-07T15:23:26.579093-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:23:26.827831-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.10486012 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 10486012,
"ParentPID": 11206744,
"Thread": 37224449,
"EventTime": "2021-09-07T15:23:26.579093-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:23:26.828558-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005111982JMt7ap",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T15:23:26.586340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:23:26.829234-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011206744JIGMap",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T15:23:26.586340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:23:26.829891-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486014,
"ParentPID": 6684890,
"Thread": 36307039,
"EventTime": "2021-09-07T15:25:00.258652-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:25:00.285288-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486014,
"ParentPID": 6684890,
"Thread": 36307039,
"EventTime": "2021-09-07T15:25:00.258652-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:25:00.286109-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 14:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10486014,
"ParentPID": 6684890,
"Thread": 36307039,
"EventTime": "2021-09-07T15:25:00.258652-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:25:00.286862-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10486014,
"ParentPID": 6684890,
"Thread": 36307039,
"EventTime": "2021-09-07T15:25:00.263340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:25:00.287603-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485760,
"ParentPID": 6684890,
"Thread": 22282463,
"EventTime": "2021-09-07T15:30:00.263340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:30:00.389831-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485760,
"ParentPID": 6684890,
"Thread": 22282463,
"EventTime": "2021-09-07T15:30:00.263340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:30:00.390368-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 14:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485760,
"ParentPID": 6684890,
"Thread": 22282463,
"EventTime": "2021-09-07T15:30:00.263340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:30:00.390852-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485760,
"ParentPID": 6684890,
"Thread": 22282463,
"EventTime": "2021-09-07T15:30:00.268957-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:30:00.391327-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T15:33:10.406340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:33:10.544186-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192126p36qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192126,
"ParentPID": 9240830,
"Thread": 31916179,
"EventTime": "2021-09-07T15:33:56.599919-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:33:56.825262-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240582,
"ParentPID": 10485764,
"Thread": 37224469,
"EventTime": "2021-09-07T15:33:56.614340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:33:56.826087-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192150qm6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192150,
"ParentPID": 9240584,
"Thread": 31916203,
"EventTime": "2021-09-07T15:33:56.719972-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:33:56.826833-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240588,
"ParentPID": 6684890,
"Thread": 44433619,
"EventTime": "2021-09-07T15:35:00.272340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:35:00.548254-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240588,
"ParentPID": 6684890,
"Thread": 44433619,
"EventTime": "2021-09-07T15:35:00.272340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:35:00.549086-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 14:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240588,
"ParentPID": 6684890,
"Thread": 44433619,
"EventTime": "2021-09-07T15:35:00.272340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:35:00.549846-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240588,
"ParentPID": 6684890,
"Thread": 44433619,
"EventTime": "2021-09-07T15:35:00.272340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:35:00.550590-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240590,
"ParentPID": 5439688,
"Thread": 42926087,
"EventTime": "2021-09-07T15:37:03.168340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:03.457247-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485768.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485768,
"ParentPID": 9240590,
"Thread": 37552135,
"EventTime": "2021-09-07T15:37:03.298340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:03.458030-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485768",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 8192166,
"ParentPID": 10485768,
"Thread": 43253881,
"EventTime": "2021-09-07T15:37:03.328340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:03.458821-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 8192166,
"ParentPID": 10485768,
"Thread": 43253881,
"EventTime": "2021-09-07T15:37:03.338341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:03.459629-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8192170aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8192170,
"ParentPID": 10485768,
"Thread": 43253885,
"EventTime": "2021-09-07T15:37:03.348342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:03.460361-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8192170aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8192170,
"ParentPID": 10485768,
"Thread": 43253885,
"EventTime": "2021-09-07T15:37:03.348342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:03.461087-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8192170aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8192170,
"ParentPID": 10485768,
"Thread": 43253885,
"EventTime": "2021-09-07T15:37:03.352361-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:03.461812-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485768/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 8192176,
"ParentPID": 10485768,
"Thread": 43253891,
"EventTime": "2021-09-07T15:37:03.358342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:03.462551-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485768",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 8192178,
"ParentPID": 10485768,
"Thread": 43253893,
"EventTime": "2021-09-07T15:37:03.358342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:03.463266-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485770,
"ParentPID": 9240590,
"Thread": 37552137,
"EventTime": "2021-09-07T15:37:03.368404-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:03.463973-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485770,
"ParentPID": 9240590,
"Thread": 37552137,
"EventTime": "2021-09-07T15:37:03.368404-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:03.464701-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240592,
"ParentPID": 5439688,
"Thread": 42926089,
"EventTime": "2021-09-07T15:37:03.888934-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:04.071490-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485772.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485772,
"ParentPID": 9240592,
"Thread": 37552139,
"EventTime": "2021-09-07T15:37:04.022035-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:04.072253-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485772",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 8192194,
"ParentPID": 10485772,
"Thread": 43253909,
"EventTime": "2021-09-07T15:37:04.056852-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:04.072998-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 8192194,
"ParentPID": 10485772,
"Thread": 43253909,
"EventTime": "2021-09-07T15:37:04.063725-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:04.073731-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8192198aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8192198,
"ParentPID": 10485772,
"Thread": 43253913,
"EventTime": "2021-09-07T15:37:04.069287-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:04.379204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8192198aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8192198,
"ParentPID": 10485772,
"Thread": 43253913,
"EventTime": "2021-09-07T15:37:04.069287-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:04.380019-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8192198aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8192198,
"ParentPID": 10485772,
"Thread": 43253913,
"EventTime": "2021-09-07T15:37:04.078340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:04.380765-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485772/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 8192204,
"ParentPID": 10485772,
"Thread": 43253919,
"EventTime": "2021-09-07T15:37:04.090070-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:04.381506-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485772",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 8192206,
"ParentPID": 10485772,
"Thread": 43253921,
"EventTime": "2021-09-07T15:37:04.090070-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:04.382234-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485774,
"ParentPID": 9240592,
"Thread": 37552141,
"EventTime": "2021-09-07T15:37:04.090070-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:04.382970-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485774,
"ParentPID": 9240592,
"Thread": 37552141,
"EventTime": "2021-09-07T15:37:04.090070-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:37:04.383700-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240594,
"ParentPID": 6684890,
"Thread": 31522997,
"EventTime": "2021-09-07T15:40:00.282340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:40:00.480541-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240594,
"ParentPID": 6684890,
"Thread": 31522997,
"EventTime": "2021-09-07T15:40:00.282340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:40:00.481334-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 14:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240594,
"ParentPID": 6684890,
"Thread": 31522997,
"EventTime": "2021-09-07T15:40:00.282340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:40:00.482103-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240594,
"ParentPID": 6684890,
"Thread": 31522997,
"EventTime": "2021-09-07T15:40:00.282340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:40:00.482950-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.mcptbl.11206744 topath: /var/ct/cfg/ctrmc.mcptbl",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T15:43:19.267842-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:43:19.399039-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005111982mqt7aq",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T15:43:19.267842-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:43:19.399824-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011206744mqGMaq",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26345509,
"EventTime": "2021-09-07T15:43:19.267842-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:43:19.400574-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.mcptbl.11206744",
"Status": 1,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26345509,
"EventTime": "2021-09-07T15:43:19.267842-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:43:19.401326-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 9240596,
"ParentPID": 11206744,
"Thread": 31916217,
"EventTime": "2021-09-07T15:43:19.292164-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:43:19.402062-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 9240596,
"ParentPID": 11206744,
"Thread": 31916217,
"EventTime": "2021-09-07T15:43:19.295342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:43:19.402796-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.9240596 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 9240596,
"ParentPID": 11206744,
"Thread": 31916217,
"EventTime": "2021-09-07T15:43:19.295342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:43:19.403529-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005111982m3t7ar",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T15:43:19.299581-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:43:19.404255-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011206744m3GMar",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26345509,
"EventTime": "2021-09-07T15:43:19.299581-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:43:19.404960-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10485776",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9240598,
"ParentPID": 10485776,
"Thread": 31916219,
"EventTime": "2021-09-07T15:43:19.307859-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:43:19.405587-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ct_has.thl.pend topath: /var/ct/cfg/ct_has.thl",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T15:44:26.283155-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:44:26.438242-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ct_has.thl.pend",
"Status": 1,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T15:44:26.283155-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:44:26.438757-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 10485778,
"ParentPID": 11206744,
"Thread": 41156691,
"EventTime": "2021-09-07T15:44:26.293157-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:44:26.439218-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 10485778,
"ParentPID": 11206744,
"Thread": 41156691,
"EventTime": "2021-09-07T15:44:26.293157-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:44:26.439678-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.10485778 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 10485778,
"ParentPID": 11206744,
"Thread": 41156691,
"EventTime": "2021-09-07T15:44:26.293157-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:44:26.440135-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.mcptbl.11206744 topath: /var/ct/cfg/ctrmc.mcptbl",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T15:44:26.303188-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:44:26.440597-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005111982Lat7as",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T15:44:26.303188-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:44:26.441048-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011206744LaGMas",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T15:44:26.303188-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:44:26.441507-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.mcptbl.11206744",
"Status": 1,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T15:44:26.303188-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:44:26.441951-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 10485780,
"ParentPID": 11206744,
"Thread": 41156693,
"EventTime": "2021-09-07T15:44:26.320177-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:44:26.442396-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 10485780,
"ParentPID": 11206744,
"Thread": 41156693,
"EventTime": "2021-09-07T15:44:26.320177-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:44:26.442843-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.10485780 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 10485780,
"ParentPID": 11206744,
"Thread": 41156693,
"EventTime": "2021-09-07T15:44:26.320177-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:44:26.443277-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005111982Lat7at",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T15:44:26.323195-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:44:26.443696-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011206744LaGMat",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T15:44:26.323195-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:44:26.444101-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485782,
"ParentPID": 6684890,
"Thread": 42926107,
"EventTime": "2021-09-07T15:45:00.288430-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:45:00.407853-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485782,
"ParentPID": 6684890,
"Thread": 42926107,
"EventTime": "2021-09-07T15:45:00.288430-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:45:00.408386-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 14:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485782,
"ParentPID": 6684890,
"Thread": 42926107,
"EventTime": "2021-09-07T15:45:00.288430-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:45:00.408872-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485782,
"ParentPID": 6684890,
"Thread": 42926107,
"EventTime": "2021-09-07T15:45:00.288430-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:45:00.409347-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192228jU6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192228,
"ParentPID": 9240608,
"Thread": 30146793,
"EventTime": "2021-09-07T15:48:56.804342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:48:57.103299-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240616,
"ParentPID": 10485784,
"Thread": 31916237,
"EventTime": "2021-09-07T15:48:56.814340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:48:57.103839-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192252ky6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192252,
"ParentPID": 9240618,
"Thread": 30146561,
"EventTime": "2021-09-07T15:48:56.874339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:48:57.104312-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485786,
"ParentPID": 6684890,
"Thread": 31523019,
"EventTime": "2021-09-07T15:50:00.295488-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:50:00.492557-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485786,
"ParentPID": 6684890,
"Thread": 31523019,
"EventTime": "2021-09-07T15:50:00.295488-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:50:00.493418-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 14:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485786,
"ParentPID": 6684890,
"Thread": 31523019,
"EventTime": "2021-09-07T15:50:00.295488-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:50:00.494201-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485786,
"ParentPID": 6684890,
"Thread": 31523019,
"EventTime": "2021-09-07T15:50:00.295488-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:50:00.494973-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485788,
"ParentPID": 6684890,
"Thread": 41222325,
"EventTime": "2021-09-07T15:55:00.302566-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:55:00.390307-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485788,
"ParentPID": 6684890,
"Thread": 41222325,
"EventTime": "2021-09-07T15:55:00.302566-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:55:00.391103-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 14:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485788,
"ParentPID": 6684890,
"Thread": 41222325,
"EventTime": "2021-09-07T15:55:00.302566-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:55:00.391878-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485788,
"ParentPID": 6684890,
"Thread": 41222325,
"EventTime": "2021-09-07T15:55:00.302566-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T15:55:00.392699-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485790,
"ParentPID": 6684890,
"Thread": 47710265,
"EventTime": "2021-09-07T16:00:00.313910-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:00:00.589523-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485790,
"ParentPID": 6684890,
"Thread": 47710265,
"EventTime": "2021-09-07T16:00:00.313910-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:00:00.590429-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/lib/ras/dumpcheck >/dev/null 2>&1 time = Tue Aug 17 15:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485790,
"ParentPID": 6684890,
"Thread": 47710265,
"EventTime": "2021-09-07T16:00:00.313910-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:00:00.591212-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485790,
"ParentPID": 6684890,
"Thread": 47710265,
"EventTime": "2021-09-07T16:00:00.313910-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:00:00.591985-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240620,
"ParentPID": 6684890,
"Thread": 37552161,
"EventTime": "2021-09-07T16:00:00.324847-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:00:00.592852-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240620,
"ParentPID": 6684890,
"Thread": 37552161,
"EventTime": "2021-09-07T16:00:00.324847-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:00:00.593755-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 15:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240620,
"ParentPID": 6684890,
"Thread": 37552161,
"EventTime": "2021-09-07T16:00:00.324847-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:00:00.594560-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240620,
"ParentPID": 6684890,
"Thread": 37552161,
"EventTime": "2021-09-07T16:00:00.332340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:00:00.595321-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485790.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485790,
"ParentPID": 6684890,
"Thread": 47710265,
"EventTime": "2021-09-07T16:00:00.362367-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:00:00.596047-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/dump_ch10485790",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9240662,
"ParentPID": 10485790,
"Thread": 37552203,
"EventTime": "2021-09-07T16:00:00.492367-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:00:00.596771-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192050eu6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192050,
"ParentPID": 10485802,
"Thread": 44433645,
"EventTime": "2021-09-07T16:03:57.001386-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:03:57.083160-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485810,
"ParentPID": 9240668,
"Thread": 31785109,
"EventTime": "2021-09-07T16:03:57.014340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:03:57.083943-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192074fe6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192074,
"ParentPID": 10485812,
"Thread": 44433413,
"EventTime": "2021-09-07T16:03:57.114340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:03:57.385213-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.mcptbl.11206744 topath: /var/ct/cfg/ctrmc.mcptbl",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T16:04:19.363340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:04:19.619775-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005111982qit7au",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T16:04:19.363340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:04:19.620605-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011206744qiGMau",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26345509,
"EventTime": "2021-09-07T16:04:19.363340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:04:19.621373-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.mcptbl.11206744",
"Status": 1,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26345509,
"EventTime": "2021-09-07T16:04:19.363340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:04:19.622112-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 9240670,
"ParentPID": 11206744,
"Thread": 31195331,
"EventTime": "2021-09-07T16:04:19.387970-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:04:19.622864-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 9240670,
"ParentPID": 11206744,
"Thread": 31195331,
"EventTime": "2021-09-07T16:04:19.387970-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:04:19.623658-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.9240670 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 9240670,
"ParentPID": 11206744,
"Thread": 31195331,
"EventTime": "2021-09-07T16:04:19.387970-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:04:19.624461-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005111982qqt7av",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T16:04:19.393363-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:04:19.625204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011206744qqGMav",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26345509,
"EventTime": "2021-09-07T16:04:19.393363-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:04:19.625923-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09240672",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10485814,
"ParentPID": 9240672,
"Thread": 34930811,
"EventTime": "2021-09-07T16:04:19.403340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:04:19.626455-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240674,
"ParentPID": 6684890,
"Thread": 37552215,
"EventTime": "2021-09-07T16:05:00.495306-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:00.506166-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240674,
"ParentPID": 6684890,
"Thread": 37552215,
"EventTime": "2021-09-07T16:05:00.495306-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:00.506951-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 15:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240674,
"ParentPID": 6684890,
"Thread": 37552215,
"EventTime": "2021-09-07T16:05:00.495306-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:00.507723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240674,
"ParentPID": 6684890,
"Thread": 37552215,
"EventTime": "2021-09-07T16:05:00.498293-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:00.508477-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ct_has.thl.pend topath: /var/ct/cfg/ct_has.thl",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T16:05:26.528347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:26.652244-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ct_has.thl.pend",
"Status": 1,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T16:05:26.528347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:26.653085-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 9240676,
"ParentPID": 11206744,
"Thread": 42139793,
"EventTime": "2021-09-07T16:05:26.550801-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:26.653839-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 9240676,
"ParentPID": 11206744,
"Thread": 42139793,
"EventTime": "2021-09-07T16:05:26.558748-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:26.654588-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.9240676 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 9240676,
"ParentPID": 11206744,
"Thread": 42139793,
"EventTime": "2021-09-07T16:05:26.558748-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:26.655333-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.mcptbl.11206744 topath: /var/ct/cfg/ctrmc.mcptbl",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T16:05:26.560746-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:26.656072-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005111982PAt7aw",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T16:05:26.560746-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:26.656804-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011206744PAGMaw",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T16:05:26.560746-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:26.657537-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.mcptbl.11206744",
"Status": 1,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T16:05:26.560746-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:26.658245-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 9240678,
"ParentPID": 11206744,
"Thread": 42139795,
"EventTime": "2021-09-07T16:05:26.588372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:26.659021-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 9240678,
"ParentPID": 11206744,
"Thread": 42139795,
"EventTime": "2021-09-07T16:05:26.588372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:26.659723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.9240678 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 9240678,
"ParentPID": 11206744,
"Thread": 42139795,
"EventTime": "2021-09-07T16:05:26.591340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:26.660408-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005111982Qut7ax",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T16:05:26.591340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:26.661126-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011206744QuGMax",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T16:05:26.591340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:26.661799-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240680,
"ParentPID": 5439688,
"Thread": 37552219,
"EventTime": "2021-09-07T16:05:58.005676-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:05:58.229191-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240682,
"ParentPID": 5439688,
"Thread": 31195341,
"EventTime": "2021-09-07T16:06:00.099340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:06:00.331988-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240684,
"ParentPID": 5439688,
"Thread": 31195343,
"EventTime": "2021-09-07T16:06:00.369340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:06:00.637456-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240686,
"ParentPID": 5439688,
"Thread": 31195345,
"EventTime": "2021-09-07T16:06:00.499340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:06:00.638224-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240688,
"ParentPID": 5439688,
"Thread": 31195347,
"EventTime": "2021-09-07T16:06:00.769340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:06:00.940191-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240690,
"ParentPID": 5439688,
"Thread": 31195349,
"EventTime": "2021-09-07T16:06:01.039340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:06:01.244406-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240692,
"ParentPID": 5439688,
"Thread": 31195351,
"EventTime": "2021-09-07T16:06:01.303594-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:06:01.550218-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240694,
"ParentPID": 5439688,
"Thread": 31195353,
"EventTime": "2021-09-07T16:06:01.566279-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:06:01.856013-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240696,
"ParentPID": 5439688,
"Thread": 31195355,
"EventTime": "2021-09-07T16:06:01.829340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:06:01.856818-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240698,
"ParentPID": 5439688,
"Thread": 31195357,
"EventTime": "2021-09-07T16:06:02.089340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:06:02.160178-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240700,
"ParentPID": 6684890,
"Thread": 41877671,
"EventTime": "2021-09-07T16:10:00.502604-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:10:00.784274-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240700,
"ParentPID": 6684890,
"Thread": 41877671,
"EventTime": "2021-09-07T16:10:00.502604-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:10:00.785051-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 15:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240700,
"ParentPID": 6684890,
"Thread": 41877671,
"EventTime": "2021-09-07T16:10:00.502604-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:10:00.785798-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240700,
"ParentPID": 6684890,
"Thread": 41877671,
"EventTime": "2021-09-07T16:10:00.511340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:10:00.786530-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240702,
"ParentPID": 6684890,
"Thread": 37552243,
"EventTime": "2021-09-07T16:15:00.516445-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:15:00.717454-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240702,
"ParentPID": 6684890,
"Thread": 37552243,
"EventTime": "2021-09-07T16:15:00.516445-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:15:00.718224-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 15:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240702,
"ParentPID": 6684890,
"Thread": 37552243,
"EventTime": "2021-09-07T16:15:00.516445-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:15:00.718975-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240702,
"ParentPID": 6684890,
"Thread": 37552243,
"EventTime": "2021-09-07T16:15:00.521340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:15:00.719708-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192096-a6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192096,
"ParentPID": 10485824,
"Thread": 35848441,
"EventTime": "2021-09-07T16:18:57.243341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:18:57.253884-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485832,
"ParentPID": 9240704,
"Thread": 45350963,
"EventTime": "2021-09-07T16:18:57.262597-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:18:57.559730-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192120-M6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192120,
"ParentPID": 10485834,
"Thread": 35848209,
"EventTime": "2021-09-07T16:18:57.354075-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:18:57.560545-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240706,
"ParentPID": 6684890,
"Thread": 41877693,
"EventTime": "2021-09-07T16:20:00.529295-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:20:00.642994-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240706,
"ParentPID": 6684890,
"Thread": 41877693,
"EventTime": "2021-09-07T16:20:00.529295-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:20:00.643815-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 15:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240706,
"ParentPID": 6684890,
"Thread": 41877693,
"EventTime": "2021-09-07T16:20:00.531340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:20:00.644564-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240706,
"ParentPID": 6684890,
"Thread": 41877693,
"EventTime": "2021-09-07T16:20:00.532104-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:20:00.645331-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.mcptbl.11206744 topath: /var/ct/cfg/ctrmc.mcptbl",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T16:24:19.552376-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:24:19.694691-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00051119824At7ay",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T16:24:19.552376-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:24:19.695512-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC001120674447GMay",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26345509,
"EventTime": "2021-09-07T16:24:19.552376-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:24:19.696248-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.mcptbl.11206744",
"Status": 1,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26345509,
"EventTime": "2021-09-07T16:24:19.552376-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:24:19.696979-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 9240708,
"ParentPID": 11206744,
"Thread": 30277685,
"EventTime": "2021-09-07T16:24:19.572341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:24:19.697709-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 9240708,
"ParentPID": 11206744,
"Thread": 30277685,
"EventTime": "2021-09-07T16:24:19.572341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:24:19.698440-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.9240708 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 9240708,
"ParentPID": 11206744,
"Thread": 30277685,
"EventTime": "2021-09-07T16:24:19.572341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:24:19.699159-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00051119824It7az",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T16:24:19.577359-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:24:19.699886-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00112067444IGMaz",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26345509,
"EventTime": "2021-09-07T16:24:19.577359-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:24:19.700595-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240710,
"ParentPID": 6684890,
"Thread": 38469805,
"EventTime": "2021-09-07T16:25:00.531342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:00.596108-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240710,
"ParentPID": 6684890,
"Thread": 38469805,
"EventTime": "2021-09-07T16:25:00.531342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:00.596937-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 15:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240710,
"ParentPID": 6684890,
"Thread": 38469805,
"EventTime": "2021-09-07T16:25:00.541340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:00.597804-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240710,
"ParentPID": 6684890,
"Thread": 38469805,
"EventTime": "2021-09-07T16:25:00.542331-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:00.598539-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.08192122",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10223764,
"ParentPID": 8192122,
"Thread": 33423453,
"EventTime": "2021-09-07T16:25:00.552450-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:00.599087-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ct_has.thl.pend topath: /var/ct/cfg/ct_has.thl",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T16:25:26.573027-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:26.764333-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ct_has.thl.pend",
"Status": 1,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T16:25:26.573027-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:26.765164-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 9240712,
"ParentPID": 11206744,
"Thread": 30605327,
"EventTime": "2021-09-07T16:25:26.593057-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:26.765907-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 9240712,
"ParentPID": 11206744,
"Thread": 30605327,
"EventTime": "2021-09-07T16:25:26.593057-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:26.766647-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.9240712 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 9240712,
"ParentPID": 11206744,
"Thread": 30605327,
"EventTime": "2021-09-07T16:25:26.593057-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:26.767378-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.mcptbl.11206744 topath: /var/ct/cfg/ctrmc.mcptbl",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T16:25:26.593057-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:26.768103-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005111982aEt7a1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T16:25:26.600341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:26.768823-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011206744aAGMa1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T16:25:26.600341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:26.769556-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.mcptbl.11206744",
"Status": 1,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T16:25:26.600341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:26.770264-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 9240714,
"ParentPID": 11206744,
"Thread": 30605329,
"EventTime": "2021-09-07T16:25:26.623068-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:26.771020-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 9240714,
"ParentPID": 11206744,
"Thread": 30605329,
"EventTime": "2021-09-07T16:25:26.623068-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:26.771790-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.9240714 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 9240714,
"ParentPID": 11206744,
"Thread": 30605329,
"EventTime": "2021-09-07T16:25:26.623068-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:26.772489-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005111982aMt7a2",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T16:25:26.623068-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:26.773141-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011206744aMGMa2",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T16:25:26.630370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:25:26.773811-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ct_has.thl.pend topath: /var/ct/cfg/ct_has.thl",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T16:26:26.635987-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:26:26.879247-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ct_has.thl.pend",
"Status": 1,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T16:26:26.638342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:26:26.880065-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 9240716,
"ParentPID": 11206744,
"Thread": 30605331,
"EventTime": "2021-09-07T16:26:26.658923-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:26:26.880809-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 9240716,
"ParentPID": 11206744,
"Thread": 30605331,
"EventTime": "2021-09-07T16:26:26.658923-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:26:26.881556-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.9240716 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 9240716,
"ParentPID": 11206744,
"Thread": 30605331,
"EventTime": "2021-09-07T16:26:26.658923-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:26:26.882304-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 9240718,
"ParentPID": 11206744,
"Thread": 30605333,
"EventTime": "2021-09-07T16:26:26.681392-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:26:26.883022-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 9240718,
"ParentPID": 11206744,
"Thread": 30605333,
"EventTime": "2021-09-07T16:26:26.681392-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:26:26.883737-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.9240718 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 9240718,
"ParentPID": 11206744,
"Thread": 30605333,
"EventTime": "2021-09-07T16:26:26.681392-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:26:26.884470-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005111982Uit7a3",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-07T16:26:26.686091-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:26:26.885174-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011206744UiGMa3",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-07T16:26:26.686091-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:26:26.885887-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240720,
"ParentPID": 6684890,
"Thread": 39518403,
"EventTime": "2021-09-07T16:30:00.561340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:30:00.790912-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240720,
"ParentPID": 6684890,
"Thread": 39518403,
"EventTime": "2021-09-07T16:30:00.561340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:30:00.791739-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 15:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240720,
"ParentPID": 6684890,
"Thread": 39518403,
"EventTime": "2021-09-07T16:30:00.561340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:30:00.792572-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240720,
"ParentPID": 6684890,
"Thread": 39518403,
"EventTime": "2021-09-07T16:30:00.561340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:30:00.793326-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192126,
"ParentPID": 5439688,
"Thread": 35127369,
"EventTime": "2021-09-07T16:32:16.006340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.035896-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240724.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240724,
"ParentPID": 8192126,
"Thread": 47382573,
"EventTime": "2021-09-07T16:32:16.138740-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.337218-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240724",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223780,
"ParentPID": 9240724,
"Thread": 36896847,
"EventTime": "2021-09-07T16:32:16.171643-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.338045-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223780,
"ParentPID": 9240724,
"Thread": 36896847,
"EventTime": "2021-09-07T16:32:16.178786-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.338782-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223784aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223784,
"ParentPID": 9240724,
"Thread": 36896851,
"EventTime": "2021-09-07T16:32:16.186902-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.339517-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223784aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223784,
"ParentPID": 9240724,
"Thread": 36896851,
"EventTime": "2021-09-07T16:32:16.188790-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.340233-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223784aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223784,
"ParentPID": 9240724,
"Thread": 36896851,
"EventTime": "2021-09-07T16:32:16.188790-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.340941-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240724/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223786,
"ParentPID": 9240724,
"Thread": 36896853,
"EventTime": "2021-09-07T16:32:16.198794-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.341652-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240724",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223788,
"ParentPID": 9240724,
"Thread": 36896855,
"EventTime": "2021-09-07T16:32:16.198794-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.342369-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240726,
"ParentPID": 8192126,
"Thread": 47382575,
"EventTime": "2021-09-07T16:32:16.208797-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.343078-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240726,
"ParentPID": 8192126,
"Thread": 47382575,
"EventTime": "2021-09-07T16:32:16.208797-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.343782-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192128,
"ParentPID": 5439688,
"Thread": 35127371,
"EventTime": "2021-09-07T16:32:16.609874-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.647197-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240728.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240728,
"ParentPID": 8192128,
"Thread": 47382577,
"EventTime": "2021-09-07T16:32:16.740227-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.951443-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240728",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223804,
"ParentPID": 9240728,
"Thread": 36896871,
"EventTime": "2021-09-07T16:32:16.770238-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.952263-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223804,
"ParentPID": 9240728,
"Thread": 36896871,
"EventTime": "2021-09-07T16:32:16.780241-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.952999-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223808aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223808,
"ParentPID": 9240728,
"Thread": 36896875,
"EventTime": "2021-09-07T16:32:16.790245-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.953732-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223808aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223808,
"ParentPID": 9240728,
"Thread": 36896875,
"EventTime": "2021-09-07T16:32:16.790245-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.954452-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223808aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223808,
"ParentPID": 9240728,
"Thread": 36896875,
"EventTime": "2021-09-07T16:32:16.790245-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.955166-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240728/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223810,
"ParentPID": 9240728,
"Thread": 36896877,
"EventTime": "2021-09-07T16:32:16.800249-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.955875-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240728",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223812,
"ParentPID": 9240728,
"Thread": 36896879,
"EventTime": "2021-09-07T16:32:16.806340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.956635-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240730,
"ParentPID": 8192128,
"Thread": 47382579,
"EventTime": "2021-09-07T16:32:16.810252-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.957349-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240730,
"ParentPID": 8192128,
"Thread": 47382579,
"EventTime": "2021-09-07T16:32:16.810252-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:16.958109-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192130,
"ParentPID": 5439688,
"Thread": 35127373,
"EventTime": "2021-09-07T16:32:17.856340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:17.863800-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240732.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240732,
"ParentPID": 8192130,
"Thread": 47382581,
"EventTime": "2021-09-07T16:32:17.986340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:18.167227-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240732",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223828,
"ParentPID": 9240732,
"Thread": 36896895,
"EventTime": "2021-09-07T16:32:18.019725-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:18.168047-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223828,
"ParentPID": 9240732,
"Thread": 36896895,
"EventTime": "2021-09-07T16:32:18.026340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:18.168783-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223832aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223832,
"ParentPID": 9240732,
"Thread": 36896899,
"EventTime": "2021-09-07T16:32:18.046341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:18.169511-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10748088",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10485846,
"ParentPID": 10748088,
"Thread": 37552267,
"EventTime": "2021-09-07T16:32:18.046341-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:18.170053-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223832aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223832,
"ParentPID": 9240732,
"Thread": 36896899,
"EventTime": "2021-09-07T16:32:18.046341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:18.170766-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223832aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223832,
"ParentPID": 9240732,
"Thread": 36896899,
"EventTime": "2021-09-07T16:32:18.053335-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:18.171481-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240732/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223834,
"ParentPID": 9240732,
"Thread": 36896901,
"EventTime": "2021-09-07T16:32:18.063339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:18.172247-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240732",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223836,
"ParentPID": 9240732,
"Thread": 36896903,
"EventTime": "2021-09-07T16:32:18.066341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:18.172958-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240734,
"ParentPID": 8192130,
"Thread": 47382583,
"EventTime": "2021-09-07T16:32:18.070571-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:18.173680-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240734,
"ParentPID": 8192130,
"Thread": 47382583,
"EventTime": "2021-09-07T16:32:18.070571-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:18.174384-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192134,
"ParentPID": 5439688,
"Thread": 35127377,
"EventTime": "2021-09-07T16:32:29.616340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:29.886357-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192136,
"ParentPID": 5439688,
"Thread": 35127379,
"EventTime": "2021-09-07T16:32:30.999510-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:31.090664-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192138,
"ParentPID": 5439688,
"Thread": 35127381,
"EventTime": "2021-09-07T16:32:32.376340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:32.604975-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192140,
"ParentPID": 5439688,
"Thread": 35127383,
"EventTime": "2021-09-07T16:32:33.757216-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:33.818238-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240736.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240736,
"ParentPID": 8192140,
"Thread": 47382585,
"EventTime": "2021-09-07T16:32:33.888276-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:34.127189-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240736",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223852,
"ParentPID": 9240736,
"Thread": 36896919,
"EventTime": "2021-09-07T16:32:33.927613-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:34.128003-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223852,
"ParentPID": 9240736,
"Thread": 36896919,
"EventTime": "2021-09-07T16:32:33.927613-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:34.128743-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223856aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223856,
"ParentPID": 9240736,
"Thread": 36896923,
"EventTime": "2021-09-07T16:32:33.937616-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:34.129468-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223856aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223856,
"ParentPID": 9240736,
"Thread": 36896923,
"EventTime": "2021-09-07T16:32:33.944270-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:34.130187-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223856aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223856,
"ParentPID": 9240736,
"Thread": 36896923,
"EventTime": "2021-09-07T16:32:33.946341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:34.130900-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240736/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223862,
"ParentPID": 9240736,
"Thread": 36896929,
"EventTime": "2021-09-07T16:32:33.957622-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:34.131613-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240736",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223864,
"ParentPID": 9240736,
"Thread": 36896931,
"EventTime": "2021-09-07T16:32:33.957622-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:34.132335-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240738,
"ParentPID": 8192140,
"Thread": 47382587,
"EventTime": "2021-09-07T16:32:33.957622-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:34.133043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240738,
"ParentPID": 8192140,
"Thread": 47382587,
"EventTime": "2021-09-07T16:32:33.957622-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:34.133747-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192142,
"ParentPID": 5439688,
"Thread": 35127385,
"EventTime": "2021-09-07T16:32:35.225340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:35.341229-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240740.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240740,
"ParentPID": 8192142,
"Thread": 47382589,
"EventTime": "2021-09-07T16:32:35.355340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:35.645863-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240740",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223624,
"ParentPID": 9240740,
"Thread": 36896947,
"EventTime": "2021-09-07T16:32:35.385340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:35.646679-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223624,
"ParentPID": 9240740,
"Thread": 36896947,
"EventTime": "2021-09-07T16:32:35.395367-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:35.647419-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223628aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223628,
"ParentPID": 9240740,
"Thread": 36896951,
"EventTime": "2021-09-07T16:32:35.400333-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:35.648147-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223628aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223628,
"ParentPID": 9240740,
"Thread": 36896951,
"EventTime": "2021-09-07T16:32:35.405340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:35.648872-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223628aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223628,
"ParentPID": 9240740,
"Thread": 36896951,
"EventTime": "2021-09-07T16:32:35.405340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:35.649588-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240740/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223630,
"ParentPID": 9240740,
"Thread": 36896953,
"EventTime": "2021-09-07T16:32:35.415340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:35.650306-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240740",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223632,
"ParentPID": 9240740,
"Thread": 36896955,
"EventTime": "2021-09-07T16:32:35.420344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:35.651034-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240742,
"ParentPID": 8192142,
"Thread": 47382591,
"EventTime": "2021-09-07T16:32:35.420344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:35.651739-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240742,
"ParentPID": 8192142,
"Thread": 47382591,
"EventTime": "2021-09-07T16:32:35.420344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:35.652445-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192144,
"ParentPID": 5439688,
"Thread": 35127387,
"EventTime": "2021-09-07T16:32:36.685340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:32:36.865188-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T16:33:10.284340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:33:10.524200-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223654VIDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223654,
"ParentPID": 9240752,
"Thread": 38338569,
"EventTime": "2021-09-07T16:33:57.483341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:33:57.700773-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240760,
"ParentPID": 8192146,
"Thread": 37748957,
"EventTime": "2021-09-07T16:33:57.499595-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:33:57.701592-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223678W3Daaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223678,
"ParentPID": 9240762,
"Thread": 38338593,
"EventTime": "2021-09-07T16:33:57.593344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:33:57.702330-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192148,
"ParentPID": 6684890,
"Thread": 29491375,
"EventTime": "2021-09-07T16:35:00.564705-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:35:00.791778-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192148,
"ParentPID": 6684890,
"Thread": 29491375,
"EventTime": "2021-09-07T16:35:00.564705-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:35:00.792617-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 15:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192148,
"ParentPID": 6684890,
"Thread": 29491375,
"EventTime": "2021-09-07T16:35:00.564705-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:35:00.793384-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192148,
"ParentPID": 6684890,
"Thread": 29491375,
"EventTime": "2021-09-07T16:35:00.574708-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:35:00.794133-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223682,
"ParentPID": 6684890,
"Thread": 28901623,
"EventTime": "2021-09-07T16:40:00.577929-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:40:00.678845-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223682,
"ParentPID": 6684890,
"Thread": 28901623,
"EventTime": "2021-09-07T16:40:00.577929-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:40:00.679638-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 15:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223682,
"ParentPID": 6684890,
"Thread": 28901623,
"EventTime": "2021-09-07T16:40:00.577929-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:40:00.680410-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223682,
"ParentPID": 6684890,
"Thread": 28901623,
"EventTime": "2021-09-07T16:40:00.577929-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:40:00.681176-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223684,
"ParentPID": 5439688,
"Thread": 45416537,
"EventTime": "2021-09-07T16:41:02.119434-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:41:02.273997-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223686,
"ParentPID": 6684890,
"Thread": 45416547,
"EventTime": "2021-09-07T16:45:00.589398-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:45:00.804764-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223686,
"ParentPID": 6684890,
"Thread": 45416547,
"EventTime": "2021-09-07T16:45:00.589398-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:45:00.805606-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 15:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223686,
"ParentPID": 6684890,
"Thread": 45416547,
"EventTime": "2021-09-07T16:45:00.589398-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:45:00.806368-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223686,
"ParentPID": 6684890,
"Thread": 45416547,
"EventTime": "2021-09-07T16:45:00.589398-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:45:00.807109-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010748134QyFaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10748134,
"ParentPID": 8192160,
"Thread": 39518431,
"EventTime": "2021-09-07T16:48:57.722371-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:48:57.960803-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192168,
"ParentPID": 10223688,
"Thread": 40763477,
"EventTime": "2021-09-07T16:48:57.739536-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:48:57.961587-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010748158RiFaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10748158,
"ParentPID": 8192170,
"Thread": 39518455,
"EventTime": "2021-09-07T16:48:57.832340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:48:57.962331-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192172,
"ParentPID": 6684890,
"Thread": 40763487,
"EventTime": "2021-09-07T16:50:00.600340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:50:00.782478-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192172,
"ParentPID": 6684890,
"Thread": 40763487,
"EventTime": "2021-09-07T16:50:00.600340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:50:00.783337-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 15:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192172,
"ParentPID": 6684890,
"Thread": 40763487,
"EventTime": "2021-09-07T16:50:00.600340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:50:00.784102-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192172,
"ParentPID": 6684890,
"Thread": 40763487,
"EventTime": "2021-09-07T16:50:00.600340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:50:00.784848-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192174,
"ParentPID": 6684890,
"Thread": 27197477,
"EventTime": "2021-09-07T16:55:00.610911-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:55:00.711879-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192174,
"ParentPID": 6684890,
"Thread": 27197477,
"EventTime": "2021-09-07T16:55:00.610911-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:55:00.712697-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 15:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192174,
"ParentPID": 6684890,
"Thread": 27197477,
"EventTime": "2021-09-07T16:55:00.610911-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:55:00.713443-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192174,
"ParentPID": 6684890,
"Thread": 27197477,
"EventTime": "2021-09-07T16:55:00.610911-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:55:00.714182-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10747904",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10223690,
"ParentPID": 10747904,
"Thread": 38928637,
"EventTime": "2021-09-07T16:55:00.626774-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T16:55:00.714735-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192176,
"ParentPID": 6684890,
"Thread": 47644701,
"EventTime": "2021-09-07T17:00:00.635965-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:00:00.923247-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192176,
"ParentPID": 6684890,
"Thread": 47644701,
"EventTime": "2021-09-07T17:00:00.635965-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:00:00.924076-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 16:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192176,
"ParentPID": 6684890,
"Thread": 47644701,
"EventTime": "2021-09-07T17:00:00.635965-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:00:00.924827-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192176,
"ParentPID": 6684890,
"Thread": 47644701,
"EventTime": "2021-09-07T17:00:00.635965-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:00:00.925573-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223712LeDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223712,
"ParentPID": 8192188,
"Thread": 30736445,
"EventTime": "2021-09-07T17:03:57.961395-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:03:57.999225-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192196,
"ParentPID": 10747910,
"Thread": 34799719,
"EventTime": "2021-09-07T17:03:57.977096-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:03:57.999989-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223736LQDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223736,
"ParentPID": 8192198,
"Thread": 30736469,
"EventTime": "2021-09-07T17:03:58.075031-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:03:58.302196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192200,
"ParentPID": 6684890,
"Thread": 47644713,
"EventTime": "2021-09-07T17:05:00.639341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:05:00.798924-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192200,
"ParentPID": 6684890,
"Thread": 47644713,
"EventTime": "2021-09-07T17:05:00.639341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:05:00.799907-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 16:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192200,
"ParentPID": 6684890,
"Thread": 47644713,
"EventTime": "2021-09-07T17:05:00.647548-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:05:00.800723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192200,
"ParentPID": 6684890,
"Thread": 47644713,
"EventTime": "2021-09-07T17:05:00.647548-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:05:00.801475-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192202,
"ParentPID": 6684890,
"Thread": 44826879,
"EventTime": "2021-09-07T17:10:00.649374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:10:00.714205-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192202,
"ParentPID": 6684890,
"Thread": 44826879,
"EventTime": "2021-09-07T17:10:00.649374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:10:00.714981-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 16:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192202,
"ParentPID": 6684890,
"Thread": 44826879,
"EventTime": "2021-09-07T17:10:00.649374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:10:00.715731-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192202,
"ParentPID": 6684890,
"Thread": 44826879,
"EventTime": "2021-09-07T17:10:00.649374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:10:00.716470-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747914,
"ParentPID": 6684890,
"Thread": 30933193,
"EventTime": "2021-09-07T17:15:00.659167-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:15:00.950204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747914,
"ParentPID": 6684890,
"Thread": 30933193,
"EventTime": "2021-09-07T17:15:00.659167-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:15:00.951030-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 16:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10747914,
"ParentPID": 6684890,
"Thread": 30933193,
"EventTime": "2021-09-07T17:15:00.659167-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:15:00.951786-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10747914,
"ParentPID": 6684890,
"Thread": 30933193,
"EventTime": "2021-09-07T17:15:00.659167-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:15:00.952532-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223758FQDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223758,
"ParentPID": 8192214,
"Thread": 28901407,
"EventTime": "2021-09-07T17:18:58.201341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:18:58.372248-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192222,
"ParentPID": 10747916,
"Thread": 43516097,
"EventTime": "2021-09-07T17:18:58.221340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:18:58.373072-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223782G7Daaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223782,
"ParentPID": 8192224,
"Thread": 28901431,
"EventTime": "2021-09-07T17:18:58.314512-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:18:58.373818-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192226,
"ParentPID": 6684890,
"Thread": 43516107,
"EventTime": "2021-09-07T17:20:00.670923-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:20:00.894419-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192226,
"ParentPID": 6684890,
"Thread": 43516107,
"EventTime": "2021-09-07T17:20:00.670923-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:20:00.895237-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 16:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192226,
"ParentPID": 6684890,
"Thread": 43516107,
"EventTime": "2021-09-07T17:20:00.670923-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:20:00.895997-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192226,
"ParentPID": 6684890,
"Thread": 43516107,
"EventTime": "2021-09-07T17:20:00.670923-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:20:00.896749-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192228,
"ParentPID": 6684890,
"Thread": 45875297,
"EventTime": "2021-09-07T17:25:00.685458-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:25:00.783621-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192228,
"ParentPID": 6684890,
"Thread": 45875297,
"EventTime": "2021-09-07T17:25:00.685458-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:25:00.784401-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 16:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192228,
"ParentPID": 6684890,
"Thread": 45875297,
"EventTime": "2021-09-07T17:25:00.685458-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:25:00.785185-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192228,
"ParentPID": 6684890,
"Thread": 45875297,
"EventTime": "2021-09-07T17:25:00.685458-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:25:00.785939-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192230,
"ParentPID": 5439688,
"Thread": 34013357,
"EventTime": "2021-09-07T17:28:08.742340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:08.938947-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh5636280.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 5636280,
"ParentPID": 8192230,
"Thread": 34406415,
"EventTime": "2021-09-07T17:28:08.872340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:08.939736-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.5636280",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11469010,
"ParentPID": 5636280,
"Thread": 38666287,
"EventTime": "2021-09-07T17:28:08.907982-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:08.940482-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11469010,
"ParentPID": 5636280,
"Thread": 38666287,
"EventTime": "2021-09-07T17:28:08.912341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:08.941220-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469014aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469014,
"ParentPID": 5636280,
"Thread": 38666291,
"EventTime": "2021-09-07T17:28:08.922340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:08.941955-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469014aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469014,
"ParentPID": 5636280,
"Thread": 38666291,
"EventTime": "2021-09-07T17:28:08.922340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:08.942721-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469014aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469014,
"ParentPID": 5636280,
"Thread": 38666291,
"EventTime": "2021-09-07T17:28:08.922340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:08.943507-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.5636280/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11469020,
"ParentPID": 5636280,
"Thread": 38666297,
"EventTime": "2021-09-07T17:28:08.932341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:08.944246-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.5636280",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11469022,
"ParentPID": 5636280,
"Thread": 38666299,
"EventTime": "2021-09-07T17:28:08.942340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:09.249639-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 5636282,
"ParentPID": 8192230,
"Thread": 34406417,
"EventTime": "2021-09-07T17:28:08.947996-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:09.250459-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636282,
"ParentPID": 8192230,
"Thread": 34406417,
"EventTime": "2021-09-07T17:28:08.947996-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:09.251217-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192232,
"ParentPID": 5439688,
"Thread": 34013359,
"EventTime": "2021-09-07T17:28:09.472340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:09.553174-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh5636284.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 5636284,
"ParentPID": 8192232,
"Thread": 34406419,
"EventTime": "2021-09-07T17:28:09.602340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:09.861192-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.5636284",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11469038,
"ParentPID": 5636284,
"Thread": 38666315,
"EventTime": "2021-09-07T17:28:09.639798-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:09.861974-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11469038,
"ParentPID": 5636284,
"Thread": 38666315,
"EventTime": "2021-09-07T17:28:09.642340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:09.862763-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469042aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469042,
"ParentPID": 5636284,
"Thread": 38666319,
"EventTime": "2021-09-07T17:28:09.652341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:09.863558-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469042aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469042,
"ParentPID": 5636284,
"Thread": 38666319,
"EventTime": "2021-09-07T17:28:09.652341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:09.864294-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469042aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469042,
"ParentPID": 5636284,
"Thread": 38666319,
"EventTime": "2021-09-07T17:28:09.659806-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:09.865025-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.5636284/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11469048,
"ParentPID": 5636284,
"Thread": 38666325,
"EventTime": "2021-09-07T17:28:09.669810-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:09.865752-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.5636284",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11469050,
"ParentPID": 5636284,
"Thread": 38666327,
"EventTime": "2021-09-07T17:28:09.672340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:09.866508-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 5636286,
"ParentPID": 8192232,
"Thread": 34406421,
"EventTime": "2021-09-07T17:28:09.672340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:09.867229-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636286,
"ParentPID": 8192232,
"Thread": 34406421,
"EventTime": "2021-09-07T17:28:09.672340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:28:09.867955-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192234,
"ParentPID": 6684890,
"Thread": 42139817,
"EventTime": "2021-09-07T17:30:00.688341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:30:00.768012-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192234,
"ParentPID": 6684890,
"Thread": 42139817,
"EventTime": "2021-09-07T17:30:00.688341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:30:00.768858-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 16:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192234,
"ParentPID": 6684890,
"Thread": 42139817,
"EventTime": "2021-09-07T17:30:00.696935-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:30:00.769691-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192234,
"ParentPID": 6684890,
"Thread": 42139817,
"EventTime": "2021-09-07T17:30:00.698340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:30:00.770453-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.05636288",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11469052,
"ParentPID": 5636288,
"Thread": 49676539,
"EventTime": "2021-09-07T17:30:00.710806-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:30:00.771014-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T17:33:10.162340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:33:10.385900-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468818A3HMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468818,
"ParentPID": 5636298,
"Thread": 31195137,
"EventTime": "2021-09-07T17:33:58.440376-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:33:58.494091-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636306,
"ParentPID": 8192238,
"Thread": 42467517,
"EventTime": "2021-09-07T17:33:58.451515-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:33:58.494868-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468842BmHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468842,
"ParentPID": 5636308,
"Thread": 31195161,
"EventTime": "2021-09-07T17:33:58.551549-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:33:58.799160-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192240,
"ParentPID": 6684890,
"Thread": 23855179,
"EventTime": "2021-09-07T17:35:00.714616-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:35:01.016319-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192240,
"ParentPID": 6684890,
"Thread": 23855179,
"EventTime": "2021-09-07T17:35:00.714616-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:35:01.017149-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 16:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192240,
"ParentPID": 6684890,
"Thread": 23855179,
"EventTime": "2021-09-07T17:35:00.714616-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:35:01.017911-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192240,
"ParentPID": 6684890,
"Thread": 23855179,
"EventTime": "2021-09-07T17:35:00.714616-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:35:01.018665-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636312,
"ParentPID": 6684890,
"Thread": 46006423,
"EventTime": "2021-09-07T17:40:00.728341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:40:00.926091-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636312,
"ParentPID": 6684890,
"Thread": 46006423,
"EventTime": "2021-09-07T17:40:00.728341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:40:00.926936-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 16:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636312,
"ParentPID": 6684890,
"Thread": 46006423,
"EventTime": "2021-09-07T17:40:00.728341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:40:00.927699-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636312,
"ParentPID": 6684890,
"Thread": 46006423,
"EventTime": "2021-09-07T17:40:00.728341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:40:00.928482-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636314,
"ParentPID": 6684890,
"Thread": 39321633,
"EventTime": "2021-09-07T17:45:00.736006-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:45:00.751838-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636314,
"ParentPID": 6684890,
"Thread": 39321633,
"EventTime": "2021-09-07T17:45:00.736006-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:45:00.752677-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 16:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636314,
"ParentPID": 6684890,
"Thread": 39321633,
"EventTime": "2021-09-07T17:45:00.736006-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:45:00.753446-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636314,
"ParentPID": 6684890,
"Thread": 39321633,
"EventTime": "2021-09-07T17:45:00.736006-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:45:00.754191-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00114688646mHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468864,
"ParentPID": 8192252,
"Thread": 46006457,
"EventTime": "2021-09-07T17:48:58.680340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:48:58.783362-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192004,
"ParentPID": 5636316,
"Thread": 28966945,
"EventTime": "2021-09-07T17:48:58.690340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:48:58.784146-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00110101806UGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010180,
"ParentPID": 9240596,
"Thread": 38535175,
"EventTime": "2021-09-07T17:48:58.790340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:48:59.086450-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240598,
"ParentPID": 6684890,
"Thread": 34013377,
"EventTime": "2021-09-07T17:50:00.743953-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:50:01.023300-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240598,
"ParentPID": 6684890,
"Thread": 34013377,
"EventTime": "2021-09-07T17:50:00.743953-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:50:01.024130-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 16:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240598,
"ParentPID": 6684890,
"Thread": 34013377,
"EventTime": "2021-09-07T17:50:00.743953-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:50:01.024903-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240598,
"ParentPID": 6684890,
"Thread": 34013377,
"EventTime": "2021-09-07T17:50:00.743953-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:50:01.025653-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240600,
"ParentPID": 6684890,
"Thread": 31785145,
"EventTime": "2021-09-07T17:55:00.758340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:55:00.919208-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240600,
"ParentPID": 6684890,
"Thread": 31785145,
"EventTime": "2021-09-07T17:55:00.758340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:55:00.920048-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 16:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240600,
"ParentPID": 6684890,
"Thread": 31785145,
"EventTime": "2021-09-07T17:55:00.758340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:55:00.920818-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240600,
"ParentPID": 6684890,
"Thread": 31785145,
"EventTime": "2021-09-07T17:55:00.758340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T17:55:00.921565-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240602,
"ParentPID": 6684890,
"Thread": 39321651,
"EventTime": "2021-09-07T18:00:00.767341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:00:00.819605-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240602,
"ParentPID": 6684890,
"Thread": 39321651,
"EventTime": "2021-09-07T18:00:00.767341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:00:00.820434-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 17:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240602,
"ParentPID": 6684890,
"Thread": 39321651,
"EventTime": "2021-09-07T18:00:00.768619-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:00:00.821186-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240602,
"ParentPID": 6684890,
"Thread": 39321651,
"EventTime": "2021-09-07T18:00:00.768619-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:00:00.821930-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289338zUDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289338,
"ParentPID": 9371902,
"Thread": 39518237,
"EventTime": "2021-09-07T18:03:58.919340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:03:59.108123-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371654,
"ParentPID": 9240608,
"Thread": 36307137,
"EventTime": "2021-09-07T18:03:58.939340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:03:59.108928-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00102893621ADqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289362,
"ParentPID": 9371656,
"Thread": 39518261,
"EventTime": "2021-09-07T18:03:59.029341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:03:59.109687-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240610,
"ParentPID": 6684890,
"Thread": 39321665,
"EventTime": "2021-09-07T18:05:00.768370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:05:00.999818-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240610,
"ParentPID": 6684890,
"Thread": 39321665,
"EventTime": "2021-09-07T18:05:00.768370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:05:01.000632-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 17:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240610,
"ParentPID": 6684890,
"Thread": 39321665,
"EventTime": "2021-09-07T18:05:00.778373-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:05:01.001388-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240610,
"ParentPID": 6684890,
"Thread": 39321665,
"EventTime": "2021-09-07T18:05:00.779367-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:05:01.002131-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240612,
"ParentPID": 5439688,
"Thread": 39321667,
"EventTime": "2021-09-07T18:05:29.696340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:05:29.850972-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240614,
"ParentPID": 5439688,
"Thread": 39321669,
"EventTime": "2021-09-07T18:05:30.816340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:05:31.064421-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240616,
"ParentPID": 5439688,
"Thread": 39321671,
"EventTime": "2021-09-07T18:05:31.086340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:05:31.367214-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240618,
"ParentPID": 5439688,
"Thread": 39321673,
"EventTime": "2021-09-07T18:05:31.216340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:05:31.368036-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240620,
"ParentPID": 5439688,
"Thread": 39321675,
"EventTime": "2021-09-07T18:05:31.486340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:05:31.676039-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240622,
"ParentPID": 5439688,
"Thread": 39321677,
"EventTime": "2021-09-07T18:05:31.756340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:05:31.977162-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240624,
"ParentPID": 5439688,
"Thread": 39321679,
"EventTime": "2021-09-07T18:05:32.026340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:05:32.278472-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240626,
"ParentPID": 5439688,
"Thread": 39321681,
"EventTime": "2021-09-07T18:05:32.286830-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:05:32.587226-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240628,
"ParentPID": 5439688,
"Thread": 39321683,
"EventTime": "2021-09-07T18:05:32.547531-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:05:32.588043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240630,
"ParentPID": 5439688,
"Thread": 39321685,
"EventTime": "2021-09-07T18:05:32.808174-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:05:32.889223-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240632,
"ParentPID": 6684890,
"Thread": 49741959,
"EventTime": "2021-09-07T18:10:00.787340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:10:00.980768-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240632,
"ParentPID": 6684890,
"Thread": 49741959,
"EventTime": "2021-09-07T18:10:00.787340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:10:00.981615-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 17:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240632,
"ParentPID": 6684890,
"Thread": 49741959,
"EventTime": "2021-09-07T18:10:00.787340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:10:00.982361-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240632,
"ParentPID": 6684890,
"Thread": 49741959,
"EventTime": "2021-09-07T18:10:00.789370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:10:00.983099-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240634,
"ParentPID": 6684890,
"Thread": 46006489,
"EventTime": "2021-09-07T18:15:00.797340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:15:00.873879-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240634,
"ParentPID": 6684890,
"Thread": 46006489,
"EventTime": "2021-09-07T18:15:00.797340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:15:00.874649-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 17:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240634,
"ParentPID": 6684890,
"Thread": 46006489,
"EventTime": "2021-09-07T18:15:00.797340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:15:00.875395-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240634,
"ParentPID": 6684890,
"Thread": 46006489,
"EventTime": "2021-09-07T18:15:00.797340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:15:00.876118-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11010190",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10485914,
"ParentPID": 11010190,
"Thread": 33554511,
"EventTime": "2021-09-07T18:15:00.810149-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:15:00.876660-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485936u7Eaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485936,
"ParentPID": 11010200,
"Thread": 44499027,
"EventTime": "2021-09-07T18:18:59.159341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:18:59.241183-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11010208,
"ParentPID": 9240636,
"Thread": 27983917,
"EventTime": "2021-09-07T18:18:59.174668-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:18:59.241943-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485960vqEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485960,
"ParentPID": 11010210,
"Thread": 44499051,
"EventTime": "2021-09-07T18:18:59.275741-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:18:59.544733-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240638,
"ParentPID": 6684890,
"Thread": 39256249,
"EventTime": "2021-09-07T18:20:00.817340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:20:00.847021-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240638,
"ParentPID": 6684890,
"Thread": 39256249,
"EventTime": "2021-09-07T18:20:00.817340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:20:00.847853-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 17:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240638,
"ParentPID": 6684890,
"Thread": 39256249,
"EventTime": "2021-09-07T18:20:00.817340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:20:00.848669-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240638,
"ParentPID": 6684890,
"Thread": 39256249,
"EventTime": "2021-09-07T18:20:00.817340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:20:00.849423-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240640,
"ParentPID": 6684890,
"Thread": 36044899,
"EventTime": "2021-09-07T18:25:00.827340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:25:01.051301-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240640,
"ParentPID": 6684890,
"Thread": 36044899,
"EventTime": "2021-09-07T18:25:00.827340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:25:01.052081-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 17:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240640,
"ParentPID": 6684890,
"Thread": 36044899,
"EventTime": "2021-09-07T18:25:00.827340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:25:01.052839-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240640,
"ParentPID": 6684890,
"Thread": 36044899,
"EventTime": "2021-09-07T18:25:00.827340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:25:01.053570-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240642,
"ParentPID": 6684890,
"Thread": 39256269,
"EventTime": "2021-09-07T18:30:00.840181-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:30:01.026197-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240642,
"ParentPID": 6684890,
"Thread": 39256269,
"EventTime": "2021-09-07T18:30:00.840181-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:30:01.027059-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 17:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240642,
"ParentPID": 6684890,
"Thread": 39256269,
"EventTime": "2021-09-07T18:30:00.840181-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:30:01.027837-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240642,
"ParentPID": 6684890,
"Thread": 39256269,
"EventTime": "2021-09-07T18:30:00.840181-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:30:01.028635-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240644,
"ParentPID": 5439688,
"Thread": 42729701,
"EventTime": "2021-09-07T18:31:47.003642-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.084233-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11010212.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11010212,
"ParentPID": 9240644,
"Thread": 34013393,
"EventTime": "2021-09-07T18:31:47.133925-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.385341-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11010212",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485976,
"ParentPID": 11010212,
"Thread": 40763527,
"EventTime": "2021-09-07T18:31:47.163935-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.386165-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485976,
"ParentPID": 11010212,
"Thread": 40763527,
"EventTime": "2021-09-07T18:31:47.173965-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.386908-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485980aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485980,
"ParentPID": 11010212,
"Thread": 40763531,
"EventTime": "2021-09-07T18:31:47.173965-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.387637-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485980aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485980,
"ParentPID": 11010212,
"Thread": 40763531,
"EventTime": "2021-09-07T18:31:47.183343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.388366-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485980aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485980,
"ParentPID": 11010212,
"Thread": 40763531,
"EventTime": "2021-09-07T18:31:47.183968-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.389090-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11010212/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485986,
"ParentPID": 11010212,
"Thread": 40763537,
"EventTime": "2021-09-07T18:31:47.193970-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.389812-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11010212",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485988,
"ParentPID": 11010212,
"Thread": 40763539,
"EventTime": "2021-09-07T18:31:47.193970-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.390540-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11010214,
"ParentPID": 9240644,
"Thread": 34013395,
"EventTime": "2021-09-07T18:31:47.203342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.391256-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11010214,
"ParentPID": 9240644,
"Thread": 34013395,
"EventTime": "2021-09-07T18:31:47.203342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.391973-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240646,
"ParentPID": 5439688,
"Thread": 42729703,
"EventTime": "2021-09-07T18:31:47.587081-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.694181-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11010216.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11010216,
"ParentPID": 9240646,
"Thread": 34013397,
"EventTime": "2021-09-07T18:31:47.715312-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.996731-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11010216",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10486004,
"ParentPID": 11010216,
"Thread": 40763555,
"EventTime": "2021-09-07T18:31:47.753341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.997495-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10486004,
"ParentPID": 11010216,
"Thread": 40763555,
"EventTime": "2021-09-07T18:31:47.759625-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.998235-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10486008aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10486008,
"ParentPID": 11010216,
"Thread": 40763559,
"EventTime": "2021-09-07T18:31:47.765330-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.998962-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10486008aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10486008,
"ParentPID": 11010216,
"Thread": 40763559,
"EventTime": "2021-09-07T18:31:47.765330-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:47.999688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10486008aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10486008,
"ParentPID": 11010216,
"Thread": 40763559,
"EventTime": "2021-09-07T18:31:47.773340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:48.000404-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11010216/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10486014,
"ParentPID": 11010216,
"Thread": 40763565,
"EventTime": "2021-09-07T18:31:47.783340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:48.001120-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11010216",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485760,
"ParentPID": 11010216,
"Thread": 40763567,
"EventTime": "2021-09-07T18:31:47.785337-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:48.001840-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11010218,
"ParentPID": 9240646,
"Thread": 34013399,
"EventTime": "2021-09-07T18:31:47.785337-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:48.002547-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11010218,
"ParentPID": 9240646,
"Thread": 34013399,
"EventTime": "2021-09-07T18:31:47.785337-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:48.003260-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240648,
"ParentPID": 5439688,
"Thread": 42729705,
"EventTime": "2021-09-07T18:31:48.928209-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:49.209642-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11010220.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11010220,
"ParentPID": 9240648,
"Thread": 34013401,
"EventTime": "2021-09-07T18:31:49.060915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:49.210484-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11010220",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485776,
"ParentPID": 11010220,
"Thread": 40763583,
"EventTime": "2021-09-07T18:31:49.093371-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:49.211226-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485776,
"ParentPID": 11010220,
"Thread": 40763583,
"EventTime": "2021-09-07T18:31:49.098549-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:49.211956-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485780aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485780,
"ParentPID": 11010220,
"Thread": 40763587,
"EventTime": "2021-09-07T18:31:49.109058-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:49.212682-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485780aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485780,
"ParentPID": 11010220,
"Thread": 40763587,
"EventTime": "2021-09-07T18:31:49.109058-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:49.213463-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485780aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485780,
"ParentPID": 11010220,
"Thread": 40763587,
"EventTime": "2021-09-07T18:31:49.113340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:49.214195-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11010220/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485786,
"ParentPID": 11010220,
"Thread": 40763593,
"EventTime": "2021-09-07T18:31:49.123340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:49.214980-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11010220",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485788,
"ParentPID": 11010220,
"Thread": 40763595,
"EventTime": "2021-09-07T18:31:49.123340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:49.215688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11010222,
"ParentPID": 9240648,
"Thread": 34013403,
"EventTime": "2021-09-07T18:31:49.128560-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:49.216402-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11010222,
"ParentPID": 9240648,
"Thread": 34013403,
"EventTime": "2021-09-07T18:31:49.128560-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:31:49.217101-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240650,
"ParentPID": 5439688,
"Thread": 35913771,
"EventTime": "2021-09-07T18:32:00.660403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:00.943317-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240652,
"ParentPID": 5439688,
"Thread": 35913773,
"EventTime": "2021-09-07T18:32:02.043341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:02.155367-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240654,
"ParentPID": 5439688,
"Thread": 35913775,
"EventTime": "2021-09-07T18:32:03.427118-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:03.673794-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240656,
"ParentPID": 5439688,
"Thread": 35913777,
"EventTime": "2021-09-07T18:32:04.810929-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:04.881955-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11010224.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11010224,
"ParentPID": 9240656,
"Thread": 34013405,
"EventTime": "2021-09-07T18:32:04.941269-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:05.183199-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11010224",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485804,
"ParentPID": 11010224,
"Thread": 40763611,
"EventTime": "2021-09-07T18:32:04.973922-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:05.184020-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485804,
"ParentPID": 11010224,
"Thread": 40763611,
"EventTime": "2021-09-07T18:32:04.973922-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:05.184758-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485808aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485808,
"ParentPID": 11010224,
"Thread": 40763615,
"EventTime": "2021-09-07T18:32:04.986439-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:05.185488-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485808aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485808,
"ParentPID": 11010224,
"Thread": 40763615,
"EventTime": "2021-09-07T18:32:04.986439-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:05.186224-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485808aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485808,
"ParentPID": 11010224,
"Thread": 40763615,
"EventTime": "2021-09-07T18:32:04.992340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:05.186943-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11010224/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485814,
"ParentPID": 11010224,
"Thread": 40763621,
"EventTime": "2021-09-07T18:32:05.002340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:05.187663-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11010224",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485816,
"ParentPID": 11010224,
"Thread": 40763623,
"EventTime": "2021-09-07T18:32:05.002340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:05.188391-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371728,
"ParentPID": 9240656,
"Thread": 39321745,
"EventTime": "2021-09-07T18:32:05.021297-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:05.189101-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371728,
"ParentPID": 9240656,
"Thread": 39321745,
"EventTime": "2021-09-07T18:32:05.021297-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:05.189810-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10485818",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11010226,
"ParentPID": 10485818,
"Thread": 34013407,
"EventTime": "2021-09-07T18:32:05.022341-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:05.190331-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240658,
"ParentPID": 5439688,
"Thread": 35913779,
"EventTime": "2021-09-07T18:32:06.282340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:06.396000-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371730.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371730,
"ParentPID": 9240658,
"Thread": 39321747,
"EventTime": "2021-09-07T18:32:06.412341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:06.703216-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371730",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485834,
"ParentPID": 9371730,
"Thread": 40763641,
"EventTime": "2021-09-07T18:32:06.445127-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:06.704043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485834,
"ParentPID": 9371730,
"Thread": 40763641,
"EventTime": "2021-09-07T18:32:06.452364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:06.704782-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485838aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485838,
"ParentPID": 9371730,
"Thread": 40763645,
"EventTime": "2021-09-07T18:32:06.462340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:06.705517-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485838aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485838,
"ParentPID": 9371730,
"Thread": 40763645,
"EventTime": "2021-09-07T18:32:06.462340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:06.706254-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485838aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485838,
"ParentPID": 9371730,
"Thread": 40763645,
"EventTime": "2021-09-07T18:32:06.465134-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:06.706977-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371730/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485844,
"ParentPID": 9371730,
"Thread": 40763395,
"EventTime": "2021-09-07T18:32:06.475138-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:06.707698-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371730",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485846,
"ParentPID": 9371730,
"Thread": 40763397,
"EventTime": "2021-09-07T18:32:06.476552-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:06.708430-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371732,
"ParentPID": 9240658,
"Thread": 39321749,
"EventTime": "2021-09-07T18:32:06.482340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:06.709139-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371732,
"ParentPID": 9240658,
"Thread": 39321749,
"EventTime": "2021-09-07T18:32:06.482340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:06.709849-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240660,
"ParentPID": 5439688,
"Thread": 35913781,
"EventTime": "2021-09-07T18:32:07.742340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:32:07.919939-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T18:33:10.038233-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:33:10.103216-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485868pqEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485868,
"ParentPID": 9371742,
"Thread": 33161277,
"EventTime": "2021-09-07T18:33:59.400246-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:33:59.710204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371750,
"ParentPID": 9240664,
"Thread": 36503749,
"EventTime": "2021-09-07T18:33:59.420253-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:33:59.711030-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485892pYEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485892,
"ParentPID": 9371752,
"Thread": 33161301,
"EventTime": "2021-09-07T18:33:59.517232-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:33:59.711763-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240666,
"ParentPID": 6684890,
"Thread": 42729715,
"EventTime": "2021-09-07T18:35:00.849932-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:35:01.046809-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240666,
"ParentPID": 6684890,
"Thread": 42729715,
"EventTime": "2021-09-07T18:35:00.849932-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:35:01.046689-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 17:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240666,
"ParentPID": 6684890,
"Thread": 42729715,
"EventTime": "2021-09-07T18:35:00.851218-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:35:01.047535-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240666,
"ParentPID": 6684890,
"Thread": 42729715,
"EventTime": "2021-09-07T18:35:00.851218-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:35:01.048282-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240668,
"ParentPID": 5439688,
"Thread": 31653979,
"EventTime": "2021-09-07T18:40:00.462196-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:40:00.683734-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240670,
"ParentPID": 6684890,
"Thread": 31653981,
"EventTime": "2021-09-07T18:40:00.856340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:40:00.984907-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240670,
"ParentPID": 6684890,
"Thread": 31653981,
"EventTime": "2021-09-07T18:40:00.856340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:40:00.985669-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 17:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240670,
"ParentPID": 6684890,
"Thread": 31653981,
"EventTime": "2021-09-07T18:40:00.856340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:40:00.986461-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240670,
"ParentPID": 6684890,
"Thread": 31653981,
"EventTime": "2021-09-07T18:40:00.856340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:40:00.987204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240676,
"ParentPID": 6684890,
"Thread": 23855221,
"EventTime": "2021-09-07T18:45:00.867952-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:45:00.885000-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240676,
"ParentPID": 6684890,
"Thread": 23855221,
"EventTime": "2021-09-07T18:45:00.867952-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:45:00.885760-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 17:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240676,
"ParentPID": 6684890,
"Thread": 23855221,
"EventTime": "2021-09-07T18:45:00.867952-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:45:00.886541-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240676,
"ParentPID": 6684890,
"Thread": 23855221,
"EventTime": "2021-09-07T18:45:00.867952-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:45:00.887284-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485914jYEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485914,
"ParentPID": 9371762,
"Thread": 31916043,
"EventTime": "2021-09-07T18:48:59.640588-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:48:59.745515-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371770,
"ParentPID": 9240678,
"Thread": 48169013,
"EventTime": "2021-09-07T18:48:59.660595-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:48:59.746270-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485938kEEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485938,
"ParentPID": 9371772,
"Thread": 31916067,
"EventTime": "2021-09-07T18:48:59.758364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:49:00.047180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371774,
"ParentPID": 6684890,
"Thread": 47382623,
"EventTime": "2021-09-07T18:50:00.880769-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:50:01.043953-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371774,
"ParentPID": 6684890,
"Thread": 47382623,
"EventTime": "2021-09-07T18:50:00.880769-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:50:01.044776-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 17:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371774,
"ParentPID": 6684890,
"Thread": 47382623,
"EventTime": "2021-09-07T18:50:00.880769-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:50:01.045519-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371774,
"ParentPID": 6684890,
"Thread": 47382623,
"EventTime": "2021-09-07T18:50:00.880769-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:50:01.046263-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371776,
"ParentPID": 6684890,
"Thread": 44826685,
"EventTime": "2021-09-07T18:55:00.886761-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:55:01.145743-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371776,
"ParentPID": 6684890,
"Thread": 44826685,
"EventTime": "2021-09-07T18:55:00.886761-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:55:01.146588-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 17:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371776,
"ParentPID": 6684890,
"Thread": 44826685,
"EventTime": "2021-09-07T18:55:00.886761-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:55:01.147387-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371776,
"ParentPID": 6684890,
"Thread": 44826685,
"EventTime": "2021-09-07T18:55:00.891999-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T18:55:01.148127-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371778,
"ParentPID": 6684890,
"Thread": 48038055,
"EventTime": "2021-09-07T19:00:00.896341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:00:01.012677-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371778,
"ParentPID": 6684890,
"Thread": 48038055,
"EventTime": "2021-09-07T19:00:00.896341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:00:01.013508-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 18:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371778,
"ParentPID": 6684890,
"Thread": 48038055,
"EventTime": "2021-09-07T19:00:00.896341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:00:01.014266-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371778,
"ParentPID": 6684890,
"Thread": 48038055,
"EventTime": "2021-09-07T19:00:00.896341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:00:01.014997-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636134eEv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636134,
"ParentPID": 9371790,
"Thread": 42729495,
"EventTime": "2021-09-07T19:03:59.878341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:03:59.890535-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371798,
"ParentPID": 10485944,
"Thread": 42532877,
"EventTime": "2021-09-07T19:03:59.898340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:04:00.197995-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636158fuv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636158,
"ParentPID": 9371800,
"Thread": 42729519,
"EventTime": "2021-09-07T19:03:59.988340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:04:00.198836-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371802,
"ParentPID": 6684890,
"Thread": 44499075,
"EventTime": "2021-09-07T19:05:00.906634-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:05:01.190641-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371802,
"ParentPID": 6684890,
"Thread": 44499075,
"EventTime": "2021-09-07T19:05:00.906634-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:05:01.191414-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 18:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371802,
"ParentPID": 6684890,
"Thread": 44499075,
"EventTime": "2021-09-07T19:05:00.906634-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:05:01.192157-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371802,
"ParentPID": 6684890,
"Thread": 44499075,
"EventTime": "2021-09-07T19:05:00.906634-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:05:01.192884-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 31719495,
"EventTime": "2021-09-07T19:10:00.917635-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:10:01.119019-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 31719495,
"EventTime": "2021-09-07T19:10:00.917635-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:10:01.119829-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 18:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 31719495,
"EventTime": "2021-09-07T19:10:00.917635-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:10:01.120560-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 31719495,
"EventTime": "2021-09-07T19:10:00.917635-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:10:01.121278-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.05636160",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9043976,
"ParentPID": 5636160,
"Thread": 42926169,
"EventTime": "2021-09-07T19:10:00.937643-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:10:01.121820-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371806,
"ParentPID": 6684890,
"Thread": 48038083,
"EventTime": "2021-09-07T19:15:00.940889-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:15:01.020453-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371806,
"ParentPID": 6684890,
"Thread": 48038083,
"EventTime": "2021-09-07T19:15:00.940889-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:15:01.021266-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 18:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371806,
"ParentPID": 6684890,
"Thread": 48038083,
"EventTime": "2021-09-07T19:15:00.940889-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:15:01.022005-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371806,
"ParentPID": 6684890,
"Thread": 48038083,
"EventTime": "2021-09-07T19:15:00.940889-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:15:01.022736-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009043998-u97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9043998,
"ParentPID": 5636170,
"Thread": 41222385,
"EventTime": "2021-09-07T19:19:00.117341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:19:00.234107-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636178,
"ParentPID": 9371808,
"Thread": 41550065,
"EventTime": "2021-09-07T19:19:00.137342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:19:00.234866-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485976-YEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485976,
"ParentPID": 11010300,
"Thread": 44302581,
"EventTime": "2021-09-07T19:19:00.227375-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:19:00.235601-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371810,
"ParentPID": 6684890,
"Thread": 28966985,
"EventTime": "2021-09-07T19:20:00.951754-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:20:01.252529-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371810,
"ParentPID": 6684890,
"Thread": 28966985,
"EventTime": "2021-09-07T19:20:00.951754-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:20:01.253301-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 18:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371810,
"ParentPID": 6684890,
"Thread": 28966985,
"EventTime": "2021-09-07T19:20:00.951754-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:20:01.254043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371810,
"ParentPID": 6684890,
"Thread": 28966985,
"EventTime": "2021-09-07T19:20:00.951754-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:20:01.254774-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371812,
"ParentPID": 6684890,
"Thread": 22937727,
"EventTime": "2021-09-07T19:25:00.961828-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:25:01.127631-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371812,
"ParentPID": 6684890,
"Thread": 22937727,
"EventTime": "2021-09-07T19:25:00.961828-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:25:01.128441-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 18:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371812,
"ParentPID": 6684890,
"Thread": 22937727,
"EventTime": "2021-09-07T19:25:00.961828-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:25:01.129186-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371812,
"ParentPID": 6684890,
"Thread": 22937727,
"EventTime": "2021-09-07T19:25:00.961828-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:25:01.129919-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371814,
"ParentPID": 5439688,
"Thread": 29032669,
"EventTime": "2021-09-07T19:27:02.020079-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:02.213207-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485978.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485978,
"ParentPID": 9371814,
"Thread": 42926177,
"EventTime": "2021-09-07T19:27:02.144794-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:02.213954-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485978",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9240712,
"ParentPID": 10485978,
"Thread": 49873105,
"EventTime": "2021-09-07T19:27:02.181340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:02.214686-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9240712,
"ParentPID": 10485978,
"Thread": 49873105,
"EventTime": "2021-09-07T19:27:02.183986-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:02.215402-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240716aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240716,
"ParentPID": 10485978,
"Thread": 49873109,
"EventTime": "2021-09-07T19:27:02.193990-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:02.216113-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240716aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240716,
"ParentPID": 10485978,
"Thread": 49873109,
"EventTime": "2021-09-07T19:27:02.193990-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:02.216824-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240716aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240716,
"ParentPID": 10485978,
"Thread": 49873109,
"EventTime": "2021-09-07T19:27:02.201340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:02.217524-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485978/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9240722,
"ParentPID": 10485978,
"Thread": 49873115,
"EventTime": "2021-09-07T19:27:02.213998-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:02.518631-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485978",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9240724,
"ParentPID": 10485978,
"Thread": 49873117,
"EventTime": "2021-09-07T19:27:02.220175-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:02.519389-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485980,
"ParentPID": 9371814,
"Thread": 42926179,
"EventTime": "2021-09-07T19:27:02.224002-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:02.520126-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485980,
"ParentPID": 9371814,
"Thread": 42926179,
"EventTime": "2021-09-07T19:27:02.224002-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:02.520858-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371816,
"ParentPID": 5439688,
"Thread": 29032671,
"EventTime": "2021-09-07T19:27:02.735429-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:02.822263-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485982.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485982,
"ParentPID": 9371816,
"Thread": 42926181,
"EventTime": "2021-09-07T19:27:02.865824-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:03.125233-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485982",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9240740,
"ParentPID": 10485982,
"Thread": 49873133,
"EventTime": "2021-09-07T19:27:02.901374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:03.126053-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9240740,
"ParentPID": 10485982,
"Thread": 49873133,
"EventTime": "2021-09-07T19:27:02.905838-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:03.126821-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240744aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240744,
"ParentPID": 10485982,
"Thread": 49873137,
"EventTime": "2021-09-07T19:27:02.915841-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:03.127552-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240744aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240744,
"ParentPID": 10485982,
"Thread": 49873137,
"EventTime": "2021-09-07T19:27:02.918037-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:03.128274-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240744aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240744,
"ParentPID": 10485982,
"Thread": 49873137,
"EventTime": "2021-09-07T19:27:02.918037-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:03.128993-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485982/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9240750,
"ParentPID": 10485982,
"Thread": 49873143,
"EventTime": "2021-09-07T19:27:02.931342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:03.129705-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485982",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9240752,
"ParentPID": 10485982,
"Thread": 49873145,
"EventTime": "2021-09-07T19:27:02.931342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:03.130423-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485984,
"ParentPID": 9371816,
"Thread": 42926183,
"EventTime": "2021-09-07T19:27:02.935851-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:03.131124-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485984,
"ParentPID": 9371816,
"Thread": 42926183,
"EventTime": "2021-09-07T19:27:02.935851-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:27:03.131856-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371818,
"ParentPID": 6684890,
"Thread": 42467543,
"EventTime": "2021-09-07T19:30:00.972071-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:30:01.037503-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371818,
"ParentPID": 6684890,
"Thread": 42467543,
"EventTime": "2021-09-07T19:30:00.972071-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:30:01.038341-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 18:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371818,
"ParentPID": 6684890,
"Thread": 42467543,
"EventTime": "2021-09-07T19:30:00.972071-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:30:01.039101-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371818,
"ParentPID": 6684890,
"Thread": 42467543,
"EventTime": "2021-09-07T19:30:00.972071-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:30:01.039849-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T19:33:09.919734-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:33:10.097507-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240774VY0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240774,
"ParentPID": 10485994,
"Thread": 28967021,
"EventTime": "2021-09-07T19:34:00.348060-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:34:00.588334-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10486002,
"ParentPID": 9371822,
"Thread": 39518299,
"EventTime": "2021-09-07T19:34:00.368065-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:34:00.589285-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240798WE0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240798,
"ParentPID": 10486004,
"Thread": 28967045,
"EventTime": "2021-09-07T19:34:00.458095-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:34:00.590033-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486006,
"ParentPID": 6684890,
"Thread": 29032689,
"EventTime": "2021-09-07T19:35:00.975343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:35:00.986648-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486006,
"ParentPID": 6684890,
"Thread": 29032689,
"EventTime": "2021-09-07T19:35:00.975343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:35:00.987421-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 18:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10486006,
"ParentPID": 6684890,
"Thread": 29032689,
"EventTime": "2021-09-07T19:35:00.975343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:35:00.988170-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10486006,
"ParentPID": 6684890,
"Thread": 29032689,
"EventTime": "2021-09-07T19:35:00.983859-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:35:00.988911-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486008,
"ParentPID": 6684890,
"Thread": 48889959,
"EventTime": "2021-09-07T19:40:00.989855-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:40:01.190836-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486008,
"ParentPID": 6684890,
"Thread": 48889959,
"EventTime": "2021-09-07T19:40:00.989855-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:40:01.191614-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 18:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10486008,
"ParentPID": 6684890,
"Thread": 48889959,
"EventTime": "2021-09-07T19:40:00.989855-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:40:01.192375-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10486008,
"ParentPID": 6684890,
"Thread": 48889959,
"EventTime": "2021-09-07T19:40:00.989855-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:40:01.193113-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371826,
"ParentPID": 6684890,
"Thread": 42532915,
"EventTime": "2021-09-07T19:45:01.003315-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:45:01.174642-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371826,
"ParentPID": 6684890,
"Thread": 42532915,
"EventTime": "2021-09-07T19:45:01.003315-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:45:01.175470-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 18:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371826,
"ParentPID": 6684890,
"Thread": 42532915,
"EventTime": "2021-09-07T19:45:01.004340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:45:01.176225-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371826,
"ParentPID": 6684890,
"Thread": 42532915,
"EventTime": "2021-09-07T19:45:01.004340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:45:01.176956-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10486012",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9240800,
"ParentPID": 10486012,
"Thread": 34406473,
"EventTime": "2021-09-07T19:45:01.016025-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:45:01.177500-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240822QE0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240822,
"ParentPID": 10485766,
"Thread": 28967071,
"EventTime": "2021-09-07T19:49:00.586341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:49:00.704289-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485774,
"ParentPID": 9371828,
"Thread": 38535235,
"EventTime": "2021-09-07T19:49:00.606341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:49:00.705060-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240590Ru0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240590,
"ParentPID": 10485776,
"Thread": 28967095,
"EventTime": "2021-09-07T19:49:00.701459-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:49:01.007146-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371830,
"ParentPID": 6684890,
"Thread": 30605389,
"EventTime": "2021-09-07T19:50:00.024698-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:50:00.194719-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371830,
"ParentPID": 6684890,
"Thread": 30605389,
"EventTime": "2021-09-07T19:50:00.024698-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:50:00.195563-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 18:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371830,
"ParentPID": 6684890,
"Thread": 30605389,
"EventTime": "2021-09-07T19:50:00.024698-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:50:00.196333-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371830,
"ParentPID": 6684890,
"Thread": 30605389,
"EventTime": "2021-09-07T19:50:00.024698-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:50:00.197077-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371832,
"ParentPID": 6684890,
"Thread": 44826743,
"EventTime": "2021-09-07T19:55:00.034340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:55:00.068170-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371832,
"ParentPID": 6684890,
"Thread": 44826743,
"EventTime": "2021-09-07T19:55:00.034340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:55:00.068991-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 18:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371832,
"ParentPID": 6684890,
"Thread": 44826743,
"EventTime": "2021-09-07T19:55:00.034340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:55:00.069748-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371832,
"ParentPID": 6684890,
"Thread": 44826743,
"EventTime": "2021-09-07T19:55:00.034340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T19:55:00.070488-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371834,
"ParentPID": 6684890,
"Thread": 43515915,
"EventTime": "2021-09-07T20:00:00.044340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:00:00.265440-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371834,
"ParentPID": 6684890,
"Thread": 43515915,
"EventTime": "2021-09-07T20:00:00.044340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:00:00.266304-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 19:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371834,
"ParentPID": 6684890,
"Thread": 43515915,
"EventTime": "2021-09-07T20:00:00.044340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:00:00.267079-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371834,
"ParentPID": 6684890,
"Thread": 43515915,
"EventTime": "2021-09-07T20:00:00.047837-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:00:00.267825-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240612Lu0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240612,
"ParentPID": 9371846,
"Thread": 42926215,
"EventTime": "2021-09-07T20:04:00.826341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:04:00.937607-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371854,
"ParentPID": 10485782,
"Thread": 37552319,
"EventTime": "2021-09-07T20:04:00.846341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:04:00.938443-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240636Ma0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240636,
"ParentPID": 9371856,
"Thread": 42926239,
"EventTime": "2021-09-07T20:04:00.946373-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:04:01.239409-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240638,
"ParentPID": 6684890,
"Thread": 43515927,
"EventTime": "2021-09-07T20:05:00.055509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:05:00.132410-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240638,
"ParentPID": 6684890,
"Thread": 43515927,
"EventTime": "2021-09-07T20:05:00.055509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:05:00.133238-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 19:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240638,
"ParentPID": 6684890,
"Thread": 43515927,
"EventTime": "2021-09-07T20:05:00.055509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:05:00.133996-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240638,
"ParentPID": 6684890,
"Thread": 43515927,
"EventTime": "2021-09-07T20:05:00.055509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:05:00.134956-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240640,
"ParentPID": 5439688,
"Thread": 43515929,
"EventTime": "2021-09-07T20:05:27.135280-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:05:27.186201-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240642,
"ParentPID": 5439688,
"Thread": 43515931,
"EventTime": "2021-09-07T20:05:28.257948-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:05:28.394221-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240644,
"ParentPID": 5439688,
"Thread": 43515933,
"EventTime": "2021-09-07T20:05:28.523340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:05:28.695210-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240646,
"ParentPID": 5439688,
"Thread": 43515935,
"EventTime": "2021-09-07T20:05:28.644468-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:05:28.696023-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240648,
"ParentPID": 5439688,
"Thread": 43515937,
"EventTime": "2021-09-07T20:05:28.915644-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:05:28.997095-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240650,
"ParentPID": 5439688,
"Thread": 43515939,
"EventTime": "2021-09-07T20:05:29.183340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:05:29.304162-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240652,
"ParentPID": 5439688,
"Thread": 43515941,
"EventTime": "2021-09-07T20:05:29.453340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:05:29.607602-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240654,
"ParentPID": 5439688,
"Thread": 43515943,
"EventTime": "2021-09-07T20:05:29.713340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:05:29.914188-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240656,
"ParentPID": 5439688,
"Thread": 43515945,
"EventTime": "2021-09-07T20:05:29.973340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:05:30.219307-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240658,
"ParentPID": 5439688,
"Thread": 43515947,
"EventTime": "2021-09-07T20:05:30.238536-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:05:30.524152-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240660,
"ParentPID": 6684890,
"Thread": 36503789,
"EventTime": "2021-09-07T20:10:00.057100-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:10:00.077975-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240660,
"ParentPID": 6684890,
"Thread": 36503789,
"EventTime": "2021-09-07T20:10:00.057100-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:10:00.078732-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 19:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240660,
"ParentPID": 6684890,
"Thread": 36503789,
"EventTime": "2021-09-07T20:10:00.067104-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:10:00.079473-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240660,
"ParentPID": 6684890,
"Thread": 36503789,
"EventTime": "2021-09-07T20:10:00.067104-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:10:00.080207-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240662,
"ParentPID": 6684890,
"Thread": 20840625,
"EventTime": "2021-09-07T20:15:00.068601-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:15:00.313683-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240662,
"ParentPID": 6684890,
"Thread": 20840625,
"EventTime": "2021-09-07T20:15:00.068601-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:15:00.314450-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 19:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240662,
"ParentPID": 6684890,
"Thread": 20840625,
"EventTime": "2021-09-07T20:15:00.068601-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:15:00.315245-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240662,
"ParentPID": 6684890,
"Thread": 20840625,
"EventTime": "2021-09-07T20:15:00.068601-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:15:00.315982-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010110GaGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010110,
"ParentPID": 9830502,
"Thread": 30277757,
"EventTime": "2021-09-07T20:19:01.066450-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:19:01.098462-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9830510,
"ParentPID": 9240664,
"Thread": 42139899,
"EventTime": "2021-09-07T20:19:01.086457-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:19:01.099215-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010134GMGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010134,
"ParentPID": 9830512,
"Thread": 30277781,
"EventTime": "2021-09-07T20:19:01.186527-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:19:01.406211-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240666,
"ParentPID": 6684890,
"Thread": 41222397,
"EventTime": "2021-09-07T20:20:00.080745-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:20:00.299113-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240666,
"ParentPID": 6684890,
"Thread": 41222397,
"EventTime": "2021-09-07T20:20:00.080745-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:20:00.299879-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 19:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240666,
"ParentPID": 6684890,
"Thread": 41222397,
"EventTime": "2021-09-07T20:20:00.080745-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:20:00.300624-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240666,
"ParentPID": 6684890,
"Thread": 41222397,
"EventTime": "2021-09-07T20:20:00.080745-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:20:00.301359-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240668,
"ParentPID": 6684890,
"Thread": 42598655,
"EventTime": "2021-09-07T20:25:00.093340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:25:00.221698-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240668,
"ParentPID": 6684890,
"Thread": 42598655,
"EventTime": "2021-09-07T20:25:00.093340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:25:00.222467-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 19:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240668,
"ParentPID": 6684890,
"Thread": 42598655,
"EventTime": "2021-09-07T20:25:00.095427-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:25:00.223215-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240668,
"ParentPID": 6684890,
"Thread": 42598655,
"EventTime": "2021-09-07T20:25:00.095427-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:25:00.223981-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240670,
"ParentPID": 6684890,
"Thread": 36896977,
"EventTime": "2021-09-07T20:30:00.103340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:30:00.352774-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240670,
"ParentPID": 6684890,
"Thread": 36896977,
"EventTime": "2021-09-07T20:30:00.103340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:30:00.353633-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 19:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240670,
"ParentPID": 6684890,
"Thread": 36896977,
"EventTime": "2021-09-07T20:30:00.103340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:30:00.354441-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240670,
"ParentPID": 6684890,
"Thread": 36896977,
"EventTime": "2021-09-07T20:30:00.103340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:30:00.355181-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09830514",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11010136,
"ParentPID": 9830514,
"Thread": 35586091,
"EventTime": "2021-09-07T20:30:00.123341-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:30:00.355731-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240672,
"ParentPID": 5439688,
"Thread": 42139663,
"EventTime": "2021-09-07T20:31:05.011340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.263159-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9830516.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9830516,
"ParentPID": 9240672,
"Thread": 43647065,
"EventTime": "2021-09-07T20:31:05.141374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.263922-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9830516",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11010152,
"ParentPID": 9830516,
"Thread": 37421089,
"EventTime": "2021-09-07T20:31:05.181392-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.264665-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11010152,
"ParentPID": 9830516,
"Thread": 37421089,
"EventTime": "2021-09-07T20:31:05.181392-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.265392-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010156aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010156,
"ParentPID": 9830516,
"Thread": 37421093,
"EventTime": "2021-09-07T20:31:05.191394-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.266116-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010156aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010156,
"ParentPID": 9830516,
"Thread": 37421093,
"EventTime": "2021-09-07T20:31:05.191394-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.266832-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010156aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010156,
"ParentPID": 9830516,
"Thread": 37421093,
"EventTime": "2021-09-07T20:31:05.201396-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.267534-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9830516/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11010162,
"ParentPID": 9830516,
"Thread": 37421099,
"EventTime": "2021-09-07T20:31:05.211399-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.268244-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9830516",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11010164,
"ParentPID": 9830516,
"Thread": 37421101,
"EventTime": "2021-09-07T20:31:05.211399-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.268943-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9830518,
"ParentPID": 9240672,
"Thread": 43647067,
"EventTime": "2021-09-07T20:31:05.211399-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.269656-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830518,
"ParentPID": 9240672,
"Thread": 43647067,
"EventTime": "2021-09-07T20:31:05.211399-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.270347-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240674,
"ParentPID": 5439688,
"Thread": 42139665,
"EventTime": "2021-09-07T20:31:05.622430-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.872196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9830520.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9830520,
"ParentPID": 9240674,
"Thread": 43647069,
"EventTime": "2021-09-07T20:31:05.752747-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.873014-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9830520",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11010180,
"ParentPID": 9830520,
"Thread": 37421117,
"EventTime": "2021-09-07T20:31:05.786014-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.873758-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11010180,
"ParentPID": 9830520,
"Thread": 37421117,
"EventTime": "2021-09-07T20:31:05.792794-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.874489-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010184aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010184,
"ParentPID": 9830520,
"Thread": 37421121,
"EventTime": "2021-09-07T20:31:05.801340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.875209-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010184aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010184,
"ParentPID": 9830520,
"Thread": 37421121,
"EventTime": "2021-09-07T20:31:05.802798-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.875922-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010184aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010184,
"ParentPID": 9830520,
"Thread": 37421121,
"EventTime": "2021-09-07T20:31:05.802798-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.876625-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9830520/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11010186,
"ParentPID": 9830520,
"Thread": 37421123,
"EventTime": "2021-09-07T20:31:05.813568-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.877336-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9830520",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11010188,
"ParentPID": 9830520,
"Thread": 37421125,
"EventTime": "2021-09-07T20:31:05.813568-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.878033-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9830522,
"ParentPID": 9240674,
"Thread": 43647071,
"EventTime": "2021-09-07T20:31:05.821365-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.878732-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830522,
"ParentPID": 9240674,
"Thread": 43647071,
"EventTime": "2021-09-07T20:31:05.821365-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:05.879425-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240676,
"ParentPID": 5439688,
"Thread": 42139667,
"EventTime": "2021-09-07T20:31:06.875431-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:07.082261-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9830524.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9830524,
"ParentPID": 9240676,
"Thread": 43647073,
"EventTime": "2021-09-07T20:31:07.005772-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:07.083075-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9830524",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11010204,
"ParentPID": 9830524,
"Thread": 37421141,
"EventTime": "2021-09-07T20:31:07.041344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:07.083822-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11010204,
"ParentPID": 9830524,
"Thread": 37421141,
"EventTime": "2021-09-07T20:31:07.045788-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:07.084558-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010208aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010208,
"ParentPID": 9830524,
"Thread": 37421145,
"EventTime": "2021-09-07T20:31:07.055792-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:07.085283-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010208aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010208,
"ParentPID": 9830524,
"Thread": 37421145,
"EventTime": "2021-09-07T20:31:07.055792-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:07.086094-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010208aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010208,
"ParentPID": 9830524,
"Thread": 37421145,
"EventTime": "2021-09-07T20:31:07.061340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:07.086807-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9830524/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11010214,
"ParentPID": 9830524,
"Thread": 37421151,
"EventTime": "2021-09-07T20:31:07.071384-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:07.087526-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9830524",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11010216,
"ParentPID": 9830524,
"Thread": 37421153,
"EventTime": "2021-09-07T20:31:07.071384-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:07.088225-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9830526,
"ParentPID": 9240676,
"Thread": 43647075,
"EventTime": "2021-09-07T20:31:07.075803-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:07.088931-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830526,
"ParentPID": 9240676,
"Thread": 43647075,
"EventTime": "2021-09-07T20:31:07.075803-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:07.089624-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240678,
"ParentPID": 5439688,
"Thread": 42139669,
"EventTime": "2021-09-07T20:31:18.620340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:18.832448-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240680,
"ParentPID": 5439688,
"Thread": 42139671,
"EventTime": "2021-09-07T20:31:20.000868-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:20.041192-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240682,
"ParentPID": 5439688,
"Thread": 42139673,
"EventTime": "2021-09-07T20:31:21.390340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:21.545913-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240684,
"ParentPID": 5439688,
"Thread": 42139675,
"EventTime": "2021-09-07T20:31:22.770340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:23.050043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9830528.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9830528,
"ParentPID": 9240684,
"Thread": 43647077,
"EventTime": "2021-09-07T20:31:22.900340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:23.050904-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9830528",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11010232,
"ParentPID": 9830528,
"Thread": 37421169,
"EventTime": "2021-09-07T20:31:22.930340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:23.051721-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11010232,
"ParentPID": 9830528,
"Thread": 37421169,
"EventTime": "2021-09-07T20:31:22.940364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:23.052456-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010236aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010236,
"ParentPID": 9830528,
"Thread": 37421173,
"EventTime": "2021-09-07T20:31:22.950357-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:23.053185-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010236aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010236,
"ParentPID": 9830528,
"Thread": 37421173,
"EventTime": "2021-09-07T20:31:22.950357-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:23.053899-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010236aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010236,
"ParentPID": 9830528,
"Thread": 37421173,
"EventTime": "2021-09-07T20:31:22.950357-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:23.054613-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9830528/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11010242,
"ParentPID": 9830528,
"Thread": 37421179,
"EventTime": "2021-09-07T20:31:22.961727-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:23.055337-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9830528",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11010244,
"ParentPID": 9830528,
"Thread": 37421181,
"EventTime": "2021-09-07T20:31:22.970371-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:23.056047-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9830530,
"ParentPID": 9240684,
"Thread": 43647079,
"EventTime": "2021-09-07T20:31:22.970619-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:23.056749-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830530,
"ParentPID": 9240684,
"Thread": 43647079,
"EventTime": "2021-09-07T20:31:22.970619-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:23.057445-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240686,
"ParentPID": 5439688,
"Thread": 42139677,
"EventTime": "2021-09-07T20:31:24.232699-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:24.259318-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9830532.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9830532,
"ParentPID": 9240686,
"Thread": 43647081,
"EventTime": "2021-09-07T20:31:24.363053-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:24.561223-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9830532",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11010260,
"ParentPID": 9830532,
"Thread": 37421197,
"EventTime": "2021-09-07T20:31:24.393062-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:24.562041-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11010260,
"ParentPID": 9830532,
"Thread": 37421197,
"EventTime": "2021-09-07T20:31:24.403065-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:24.562788-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010264aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010264,
"ParentPID": 9830532,
"Thread": 37421201,
"EventTime": "2021-09-07T20:31:24.413069-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:24.563526-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010264aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010264,
"ParentPID": 9830532,
"Thread": 37421201,
"EventTime": "2021-09-07T20:31:24.413069-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:24.564250-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010264aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010264,
"ParentPID": 9830532,
"Thread": 37421201,
"EventTime": "2021-09-07T20:31:24.413069-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:24.564965-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9830532/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11010266,
"ParentPID": 9830532,
"Thread": 37421203,
"EventTime": "2021-09-07T20:31:24.423072-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:24.565680-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9830532",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11010268,
"ParentPID": 9830532,
"Thread": 37421205,
"EventTime": "2021-09-07T20:31:24.430340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:24.566404-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9830534,
"ParentPID": 9240686,
"Thread": 43647083,
"EventTime": "2021-09-07T20:31:24.433076-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:24.567109-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830534,
"ParentPID": 9240686,
"Thread": 43647083,
"EventTime": "2021-09-07T20:31:24.433076-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:24.567813-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240688,
"ParentPID": 5439688,
"Thread": 42139679,
"EventTime": "2021-09-07T20:31:25.696689-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:31:25.769708-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T20:33:09.797343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:33:10.053141-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010290AIGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010290,
"ParentPID": 9830544,
"Thread": 44302355,
"EventTime": "2021-09-07T20:34:01.306493-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:34:01.446217-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9830552,
"ParentPID": 9240692,
"Thread": 45875347,
"EventTime": "2021-09-07T20:34:01.326500-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:34:01.447031-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11010292",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10485806,
"ParentPID": 11010292,
"Thread": 38666397,
"EventTime": "2021-09-07T20:34:01.346506-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:34:01.447580-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371708B70Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371708,
"ParentPID": 9830554,
"Thread": 46137459,
"EventTime": "2021-09-07T20:34:01.436537-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:34:01.448300-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240694,
"ParentPID": 6684890,
"Thread": 42139689,
"EventTime": "2021-09-07T20:35:00.127005-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:35:00.334673-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240694,
"ParentPID": 6684890,
"Thread": 42139689,
"EventTime": "2021-09-07T20:35:00.127005-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:35:00.335497-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 19:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240694,
"ParentPID": 6684890,
"Thread": 42139689,
"EventTime": "2021-09-07T20:35:00.127005-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:35:00.336243-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240694,
"ParentPID": 6684890,
"Thread": 42139689,
"EventTime": "2021-09-07T20:35:00.127005-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:35:00.336977-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240696,
"ParentPID": 6684890,
"Thread": 29032463,
"EventTime": "2021-09-07T20:40:00.136649-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:40:00.208109-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240696,
"ParentPID": 6684890,
"Thread": 29032463,
"EventTime": "2021-09-07T20:40:00.136649-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:40:00.208872-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 19:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240696,
"ParentPID": 6684890,
"Thread": 29032463,
"EventTime": "2021-09-07T20:40:00.136649-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:40:00.209607-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240696,
"ParentPID": 6684890,
"Thread": 29032463,
"EventTime": "2021-09-07T20:40:00.136649-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:40:00.210332-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240698,
"ParentPID": 5439688,
"Thread": 29032471,
"EventTime": "2021-09-07T20:42:22.637404-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:42:22.941148-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830558,
"ParentPID": 6684890,
"Thread": 28901499,
"EventTime": "2021-09-07T20:45:00.145205-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:45:00.369416-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830558,
"ParentPID": 6684890,
"Thread": 28901499,
"EventTime": "2021-09-07T20:45:00.145205-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:45:00.370228-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 19:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830558,
"ParentPID": 6684890,
"Thread": 28901499,
"EventTime": "2021-09-07T20:45:00.145205-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:45:00.370967-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830558,
"ParentPID": 6684890,
"Thread": 28901499,
"EventTime": "2021-09-07T20:45:00.145205-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:45:00.371696-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371730630Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371730,
"ParentPID": 9240710,
"Thread": 29950045,
"EventTime": "2021-09-07T20:49:01.561706-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:49:01.670440-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240718,
"ParentPID": 9830560,
"Thread": 31719533,
"EventTime": "2021-09-07T20:49:01.574340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:49:01.671248-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00093717547m0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371754,
"ParentPID": 9240720,
"Thread": 29950069,
"EventTime": "2021-09-07T20:49:01.674342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:49:01.972963-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830562,
"ParentPID": 6684890,
"Thread": 50462905,
"EventTime": "2021-09-07T20:50:00.153316-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:50:00.275456-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830562,
"ParentPID": 6684890,
"Thread": 50462905,
"EventTime": "2021-09-07T20:50:00.153316-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:50:00.276270-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 19:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830562,
"ParentPID": 6684890,
"Thread": 50462905,
"EventTime": "2021-09-07T20:50:00.153316-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:50:00.277013-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830562,
"ParentPID": 6684890,
"Thread": 50462905,
"EventTime": "2021-09-07T20:50:00.153316-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:50:00.277739-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830564,
"ParentPID": 6684890,
"Thread": 49872945,
"EventTime": "2021-09-07T20:55:00.162340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:55:00.211267-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830564,
"ParentPID": 6684890,
"Thread": 49872945,
"EventTime": "2021-09-07T20:55:00.162340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:55:00.212074-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 19:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830564,
"ParentPID": 6684890,
"Thread": 49872945,
"EventTime": "2021-09-07T20:55:00.162340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:55:00.212850-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830564,
"ParentPID": 6684890,
"Thread": 49872945,
"EventTime": "2021-09-07T20:55:00.162340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T20:55:00.213636-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830566,
"ParentPID": 6684890,
"Thread": 29622475,
"EventTime": "2021-09-07T21:00:00.171430-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:00:00.473166-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830566,
"ParentPID": 6684890,
"Thread": 29622475,
"EventTime": "2021-09-07T21:00:00.171430-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:00:00.473988-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 20:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830566,
"ParentPID": 6684890,
"Thread": 29622475,
"EventTime": "2021-09-07T21:00:00.171430-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:00:00.474725-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830566,
"ParentPID": 6684890,
"Thread": 29622475,
"EventTime": "2021-09-07T21:00:00.176896-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:00:00.475458-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00056362021iv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636202,
"ParentPID": 9830578,
"Thread": 42467341,
"EventTime": "2021-09-07T21:04:01.794340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:04:01.825059-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9830586,
"ParentPID": 11010056,
"Thread": 41222183,
"EventTime": "2021-09-07T21:04:01.814340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:04:01.825864-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00056362261Uv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636226,
"ParentPID": 9830588,
"Thread": 42467365,
"EventTime": "2021-09-07T21:04:01.914341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:04:02.134210-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010058,
"ParentPID": 6684890,
"Thread": 44499125,
"EventTime": "2021-09-07T21:05:00.183859-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:05:00.435187-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010058,
"ParentPID": 6684890,
"Thread": 44499125,
"EventTime": "2021-09-07T21:05:00.183859-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:05:00.435952-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 20:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010058,
"ParentPID": 6684890,
"Thread": 44499125,
"EventTime": "2021-09-07T21:05:00.183859-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:05:00.436690-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010058,
"ParentPID": 6684890,
"Thread": 44499125,
"EventTime": "2021-09-07T21:05:00.183859-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:05:00.437416-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010060,
"ParentPID": 6684890,
"Thread": 42532977,
"EventTime": "2021-09-07T21:10:00.193981-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:10:00.368968-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010060,
"ParentPID": 6684890,
"Thread": 42532977,
"EventTime": "2021-09-07T21:10:00.193981-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:10:00.369792-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 20:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010060,
"ParentPID": 6684890,
"Thread": 42532977,
"EventTime": "2021-09-07T21:10:00.193981-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:10:00.370536-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010060,
"ParentPID": 6684890,
"Thread": 42532977,
"EventTime": "2021-09-07T21:10:00.193981-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:10:00.371275-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010062,
"ParentPID": 6684890,
"Thread": 29818983,
"EventTime": "2021-09-07T21:15:00.202340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:15:00.279251-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010062,
"ParentPID": 6684890,
"Thread": 29818983,
"EventTime": "2021-09-07T21:15:00.202340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:15:00.280074-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 20:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010062,
"ParentPID": 6684890,
"Thread": 29818983,
"EventTime": "2021-09-07T21:15:00.202340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:15:00.280816-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010062,
"ParentPID": 6684890,
"Thread": 29818983,
"EventTime": "2021-09-07T21:15:00.202340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:15:00.281541-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011469036uQHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11469036,
"ParentPID": 9371774,
"Thread": 29098181,
"EventTime": "2021-09-07T21:19:02.039047-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:19:02.144385-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371782,
"ParentPID": 11010064,
"Thread": 39911515,
"EventTime": "2021-09-07T21:19:02.059063-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:19:02.145154-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468804vAHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468804,
"ParentPID": 9371784,
"Thread": 29098205,
"EventTime": "2021-09-07T21:19:02.153340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:19:02.450745-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010066,
"ParentPID": 6684890,
"Thread": 47251503,
"EventTime": "2021-09-07T21:20:00.212340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:20:00.409159-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010066,
"ParentPID": 6684890,
"Thread": 47251503,
"EventTime": "2021-09-07T21:20:00.212340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:20:00.409925-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 20:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010066,
"ParentPID": 6684890,
"Thread": 47251503,
"EventTime": "2021-09-07T21:20:00.212340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:20:00.410665-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010066,
"ParentPID": 6684890,
"Thread": 47251503,
"EventTime": "2021-09-07T21:20:00.212340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:20:00.411393-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010068,
"ParentPID": 6684890,
"Thread": 22282299,
"EventTime": "2021-09-07T21:25:00.221340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:25:00.260506-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010068,
"ParentPID": 6684890,
"Thread": 22282299,
"EventTime": "2021-09-07T21:25:00.221340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:25:00.261330-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 20:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010068,
"ParentPID": 6684890,
"Thread": 22282299,
"EventTime": "2021-09-07T21:25:00.221340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:25:00.262119-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010068,
"ParentPID": 6684890,
"Thread": 22282299,
"EventTime": "2021-09-07T21:25:00.221340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:25:00.262904-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09371786",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11010070,
"ParentPID": 9371786,
"Thread": 22282301,
"EventTime": "2021-09-07T21:25:00.241342-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:25:00.263453-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371788,
"ParentPID": 6684890,
"Thread": 47251523,
"EventTime": "2021-09-07T21:30:00.245235-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:30:00.460009-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371788,
"ParentPID": 6684890,
"Thread": 47251523,
"EventTime": "2021-09-07T21:30:00.245235-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:30:00.460784-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 20:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371788,
"ParentPID": 6684890,
"Thread": 47251523,
"EventTime": "2021-09-07T21:30:00.248354-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:30:00.461579-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371788,
"ParentPID": 6684890,
"Thread": 47251523,
"EventTime": "2021-09-07T21:30:00.248354-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:30:00.462379-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T21:33:09.675339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:33:09.738778-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468826p7HMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468826,
"ParentPID": 11010080,
"Thread": 44433525,
"EventTime": "2021-09-07T21:34:02.283369-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:34:02.344201-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11010088,
"ParentPID": 9371792,
"Thread": 37093469,
"EventTime": "2021-09-07T21:34:02.298244-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:34:02.345013-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468850qqHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468850,
"ParentPID": 11010090,
"Thread": 44433549,
"EventTime": "2021-09-07T21:34:02.398278-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:34:02.650260-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289174,
"ParentPID": 6684890,
"Thread": 49872987,
"EventTime": "2021-09-07T21:35:00.255967-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:35:00.346500-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289174,
"ParentPID": 6684890,
"Thread": 49872987,
"EventTime": "2021-09-07T21:35:00.255967-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:35:00.347268-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 20:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289174,
"ParentPID": 6684890,
"Thread": 49872987,
"EventTime": "2021-09-07T21:35:00.257574-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:35:00.348024-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289174,
"ParentPID": 6684890,
"Thread": 49872987,
"EventTime": "2021-09-07T21:35:00.257574-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:35:00.348753-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289176,
"ParentPID": 5439688,
"Thread": 41877753,
"EventTime": "2021-09-07T21:37:11.197340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:11.339372-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240770.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240770,
"ParentPID": 10289176,
"Thread": 43647109,
"EventTime": "2021-09-07T21:37:11.447340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:11.643183-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240770",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9830632,
"ParentPID": 9240770,
"Thread": 20905985,
"EventTime": "2021-09-07T21:37:11.477340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:11.643986-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9830632,
"ParentPID": 9240770,
"Thread": 20905985,
"EventTime": "2021-09-07T21:37:11.487380-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:11.644706-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830636aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830636,
"ParentPID": 9240770,
"Thread": 20905989,
"EventTime": "2021-09-07T21:37:11.497356-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:11.645425-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830636aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830636,
"ParentPID": 9240770,
"Thread": 20905989,
"EventTime": "2021-09-07T21:37:11.497356-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:11.646138-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830636aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830636,
"ParentPID": 9240770,
"Thread": 20905989,
"EventTime": "2021-09-07T21:37:11.497356-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:11.646848-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240770/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9830642,
"ParentPID": 9240770,
"Thread": 20905995,
"EventTime": "2021-09-07T21:37:11.512009-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:11.647606-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240770",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9830644,
"ParentPID": 9240770,
"Thread": 20905997,
"EventTime": "2021-09-07T21:37:11.512009-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:11.648391-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240772,
"ParentPID": 10289176,
"Thread": 43647111,
"EventTime": "2021-09-07T21:37:11.517340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:11.649104-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240772,
"ParentPID": 10289176,
"Thread": 43647111,
"EventTime": "2021-09-07T21:37:11.517340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:11.649814-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289178,
"ParentPID": 5439688,
"Thread": 41877755,
"EventTime": "2021-09-07T21:37:12.048423-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:12.254809-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240774.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240774,
"ParentPID": 10289178,
"Thread": 43647113,
"EventTime": "2021-09-07T21:37:12.183893-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:12.255576-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240774",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9830404,
"ParentPID": 9240774,
"Thread": 20906013,
"EventTime": "2021-09-07T21:37:12.213903-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:12.256310-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9830404,
"ParentPID": 9240774,
"Thread": 20906013,
"EventTime": "2021-09-07T21:37:12.220872-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:12.257033-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830408aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830408,
"ParentPID": 9240774,
"Thread": 20906017,
"EventTime": "2021-09-07T21:37:12.227341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:12.257791-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830408aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830408,
"ParentPID": 9240774,
"Thread": 20906017,
"EventTime": "2021-09-07T21:37:12.227341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:12.258564-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830408aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830408,
"ParentPID": 9240774,
"Thread": 20906017,
"EventTime": "2021-09-07T21:37:12.233909-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:12.259277-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240774/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9830410,
"ParentPID": 9240774,
"Thread": 20906019,
"EventTime": "2021-09-07T21:37:12.243912-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:12.259995-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240774",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9830412,
"ParentPID": 9240774,
"Thread": 20906021,
"EventTime": "2021-09-07T21:37:12.247340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:12.260695-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240776,
"ParentPID": 10289178,
"Thread": 43647115,
"EventTime": "2021-09-07T21:37:12.249176-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:12.261396-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240776,
"ParentPID": 10289178,
"Thread": 43647115,
"EventTime": "2021-09-07T21:37:12.249176-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:37:12.262086-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240780,
"ParentPID": 6684890,
"Thread": 42533005,
"EventTime": "2021-09-07T21:40:00.259538-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:40:00.534116-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240780,
"ParentPID": 6684890,
"Thread": 42533005,
"EventTime": "2021-09-07T21:40:00.259538-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:40:00.534944-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 20:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240780,
"ParentPID": 6684890,
"Thread": 42533005,
"EventTime": "2021-09-07T21:40:00.259538-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:40:00.535690-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240780,
"ParentPID": 6684890,
"Thread": 42533005,
"EventTime": "2021-09-07T21:40:00.259538-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:40:00.536425-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289184,
"ParentPID": 6684890,
"Thread": 41877517,
"EventTime": "2021-09-07T21:45:00.271374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:45:00.437807-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289184,
"ParentPID": 6684890,
"Thread": 41877517,
"EventTime": "2021-09-07T21:45:00.271374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:45:00.438580-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 20:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289184,
"ParentPID": 6684890,
"Thread": 41877517,
"EventTime": "2021-09-07T21:45:00.271374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:45:00.439325-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289184,
"ParentPID": 6684890,
"Thread": 41877517,
"EventTime": "2021-09-07T21:45:00.271374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:45:00.440057-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289186,
"ParentPID": 5439688,
"Thread": 31916127,
"EventTime": "2021-09-07T21:46:09.301684-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:46:09.543356-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830434kmB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830434,
"ParentPID": 9240792,
"Thread": 31588421,
"EventTime": "2021-09-07T21:49:02.523341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:49:02.642039-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240800,
"ParentPID": 10289188,
"Thread": 49873019,
"EventTime": "2021-09-07T21:49:02.543340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:49:02.642841-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830458kYB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830458,
"ParentPID": 9240802,
"Thread": 31588445,
"EventTime": "2021-09-07T21:49:02.633340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:49:02.643628-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192178,
"ParentPID": 6684890,
"Thread": 28049493,
"EventTime": "2021-09-07T21:50:00.283987-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:50:00.334426-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192178,
"ParentPID": 6684890,
"Thread": 28049493,
"EventTime": "2021-09-07T21:50:00.283987-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:50:00.335244-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 20:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192178,
"ParentPID": 6684890,
"Thread": 28049493,
"EventTime": "2021-09-07T21:50:00.283987-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:50:00.335985-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192178,
"ParentPID": 6684890,
"Thread": 28049493,
"EventTime": "2021-09-07T21:50:00.283987-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:50:00.336714-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192180,
"ParentPID": 6684890,
"Thread": 45154389,
"EventTime": "2021-09-07T21:55:00.294562-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:55:00.595856-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192180,
"ParentPID": 6684890,
"Thread": 45154389,
"EventTime": "2021-09-07T21:55:00.294562-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:55:00.596666-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 20:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192180,
"ParentPID": 6684890,
"Thread": 45154389,
"EventTime": "2021-09-07T21:55:00.297902-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:55:00.597411-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192180,
"ParentPID": 6684890,
"Thread": 45154389,
"EventTime": "2021-09-07T21:55:00.297902-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T21:55:00.598141-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192182,
"ParentPID": 6684890,
"Thread": 40501405,
"EventTime": "2021-09-07T22:00:00.305288-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:00:00.436461-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192182,
"ParentPID": 6684890,
"Thread": 40501405,
"EventTime": "2021-09-07T22:00:00.305288-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:00:00.437274-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 21:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192182,
"ParentPID": 6684890,
"Thread": 40501405,
"EventTime": "2021-09-07T22:00:00.305288-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:00:00.438017-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192182,
"ParentPID": 6684890,
"Thread": 40501405,
"EventTime": "2021-09-07T22:00:00.305288-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:00:00.438743-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11468860",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10289190,
"ParentPID": 11468860,
"Thread": 34930871,
"EventTime": "2021-09-07T22:00:00.320340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:00:00.439282-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289212eIDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289212,
"ParentPID": 8192194,
"Thread": 29032505,
"EventTime": "2021-09-07T22:04:02.722339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:04:02.879154-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192202,
"ParentPID": 11468866,
"Thread": 45875375,
"EventTime": "2021-09-07T22:04:02.736469-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:04:02.879655-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289236fiDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289236,
"ParentPID": 8192204,
"Thread": 29032529,
"EventTime": "2021-09-07T22:04:02.798467-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:04:02.880107-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468868,
"ParentPID": 6684890,
"Thread": 42991833,
"EventTime": "2021-09-07T22:05:00.321737-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:05:00.542614-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468868,
"ParentPID": 6684890,
"Thread": 42991833,
"EventTime": "2021-09-07T22:05:00.321737-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:05:00.543128-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 21:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468868,
"ParentPID": 6684890,
"Thread": 42991833,
"EventTime": "2021-09-07T22:05:00.321737-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:05:00.543589-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468868,
"ParentPID": 6684890,
"Thread": 42991833,
"EventTime": "2021-09-07T22:05:00.321737-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:05:00.544042-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468870,
"ParentPID": 5439688,
"Thread": 42991835,
"EventTime": "2021-09-07T22:05:43.199339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:05:43.211965-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468872,
"ParentPID": 5439688,
"Thread": 42991837,
"EventTime": "2021-09-07T22:05:44.261880-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:05:44.419441-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468874,
"ParentPID": 5439688,
"Thread": 42991839,
"EventTime": "2021-09-07T22:05:44.529339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:05:44.724222-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468876,
"ParentPID": 5439688,
"Thread": 42991841,
"EventTime": "2021-09-07T22:05:44.669339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:05:44.724724-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468878,
"ParentPID": 5439688,
"Thread": 42991843,
"EventTime": "2021-09-07T22:05:44.949723-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:05:45.029845-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468880,
"ParentPID": 5439688,
"Thread": 42991845,
"EventTime": "2021-09-07T22:05:45.212276-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:05:45.330865-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468882,
"ParentPID": 5439688,
"Thread": 42991847,
"EventTime": "2021-09-07T22:05:45.480586-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:05:45.639099-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468884,
"ParentPID": 5439688,
"Thread": 42991849,
"EventTime": "2021-09-07T22:05:45.751317-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:05:45.939880-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468886,
"ParentPID": 5439688,
"Thread": 42991851,
"EventTime": "2021-09-07T22:05:46.017976-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:05:46.242398-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468888,
"ParentPID": 5439688,
"Thread": 42991853,
"EventTime": "2021-09-07T22:05:46.281922-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:05:46.549857-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240826,
"ParentPID": 6684890,
"Thread": 36044949,
"EventTime": "2021-09-07T22:10:00.323039-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:10:00.362549-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240826,
"ParentPID": 6684890,
"Thread": 36044949,
"EventTime": "2021-09-07T22:10:00.323039-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:10:00.363034-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 21:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240826,
"ParentPID": 6684890,
"Thread": 36044949,
"EventTime": "2021-09-07T22:10:00.323039-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:10:00.363467-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240826,
"ParentPID": 6684890,
"Thread": 36044949,
"EventTime": "2021-09-07T22:10:00.330339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:10:00.363881-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240828,
"ParentPID": 6684890,
"Thread": 38666441,
"EventTime": "2021-09-07T22:15:00.331549-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:15:00.480737-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240828,
"ParentPID": 6684890,
"Thread": 38666441,
"EventTime": "2021-09-07T22:15:00.331549-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:15:00.481187-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 21:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240828,
"ParentPID": 6684890,
"Thread": 38666441,
"EventTime": "2021-09-07T22:15:00.331549-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:15:00.481654-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240828,
"ParentPID": 6684890,
"Thread": 38666441,
"EventTime": "2021-09-07T22:15:00.331549-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:15:00.482106-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830492-aB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830492,
"ParentPID": 11468900,
"Thread": 42926277,
"EventTime": "2021-09-07T22:19:02.909183-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:19:02.938306-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468908,
"ParentPID": 9240830,
"Thread": 42402017,
"EventTime": "2021-09-07T22:19:02.926281-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:19:02.939014-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830516-MB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830516,
"ParentPID": 11468910,
"Thread": 42926301,
"EventTime": "2021-09-07T22:19:03.022340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:19:03.243148-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240576,
"ParentPID": 6684890,
"Thread": 45875387,
"EventTime": "2021-09-07T22:20:00.336017-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:20:00.636157-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240576,
"ParentPID": 6684890,
"Thread": 45875387,
"EventTime": "2021-09-07T22:20:00.336017-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:20:00.636934-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 21:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240576,
"ParentPID": 6684890,
"Thread": 45875387,
"EventTime": "2021-09-07T22:20:00.336017-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:20:00.637634-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240576,
"ParentPID": 6684890,
"Thread": 45875387,
"EventTime": "2021-09-07T22:20:00.340340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:20:00.638357-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240578,
"ParentPID": 6684890,
"Thread": 20840675,
"EventTime": "2021-09-07T22:25:00.349459-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:25:00.564232-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240578,
"ParentPID": 6684890,
"Thread": 20840675,
"EventTime": "2021-09-07T22:25:00.349459-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:25:00.565013-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 21:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240578,
"ParentPID": 6684890,
"Thread": 20840675,
"EventTime": "2021-09-07T22:25:00.350340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:25:00.565709-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240578,
"ParentPID": 6684890,
"Thread": 20840675,
"EventTime": "2021-09-07T22:25:00.350340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:25:00.566430-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240580,
"ParentPID": 6684890,
"Thread": 40763441,
"EventTime": "2021-09-07T22:30:00.352251-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:30:00.482511-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240580,
"ParentPID": 6684890,
"Thread": 40763441,
"EventTime": "2021-09-07T22:30:00.352251-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:30:00.483385-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 21:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240580,
"ParentPID": 6684890,
"Thread": 40763441,
"EventTime": "2021-09-07T22:30:00.360340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:30:00.484106-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240580,
"ParentPID": 6684890,
"Thread": 40763441,
"EventTime": "2021-09-07T22:30:00.360340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:30:00.484834-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240582,
"ParentPID": 5439688,
"Thread": 33882293,
"EventTime": "2021-09-07T22:31:20.990285-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.027267-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9830518.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9830518,
"ParentPID": 9240582,
"Thread": 44433567,
"EventTime": "2021-09-07T22:31:21.117341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.328160-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9830518",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9044020,
"ParentPID": 9830518,
"Thread": 48169069,
"EventTime": "2021-09-07T22:31:21.157340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.328932-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9044020,
"ParentPID": 9830518,
"Thread": 48169069,
"EventTime": "2021-09-07T22:31:21.157340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.329623-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044024aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044024,
"ParentPID": 9830518,
"Thread": 48169073,
"EventTime": "2021-09-07T22:31:21.167340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.330339-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044024aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044024,
"ParentPID": 9830518,
"Thread": 48169073,
"EventTime": "2021-09-07T22:31:21.167340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.331042-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044024aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044024,
"ParentPID": 9830518,
"Thread": 48169073,
"EventTime": "2021-09-07T22:31:21.177340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.331743-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9830518/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9044030,
"ParentPID": 9830518,
"Thread": 48169079,
"EventTime": "2021-09-07T22:31:21.187342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.332443-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9830518",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9044032,
"ParentPID": 9830518,
"Thread": 48169081,
"EventTime": "2021-09-07T22:31:21.191635-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.333144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9830520,
"ParentPID": 9240582,
"Thread": 44433569,
"EventTime": "2021-09-07T22:31:21.191635-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.333841-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830520,
"ParentPID": 9240582,
"Thread": 44433569,
"EventTime": "2021-09-07T22:31:21.191635-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.334539-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240584,
"ParentPID": 5439688,
"Thread": 33882295,
"EventTime": "2021-09-07T22:31:21.597806-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.638139-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9830522.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9830522,
"ParentPID": 9240584,
"Thread": 44433571,
"EventTime": "2021-09-07T22:31:21.728130-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.939343-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9830522",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9044048,
"ParentPID": 9830522,
"Thread": 48169097,
"EventTime": "2021-09-07T22:31:21.758138-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.940108-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9044048,
"ParentPID": 9830522,
"Thread": 48169097,
"EventTime": "2021-09-07T22:31:21.768141-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.940909-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044052aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044052,
"ParentPID": 9830522,
"Thread": 48169101,
"EventTime": "2021-09-07T22:31:21.777341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.941623-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044052aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044052,
"ParentPID": 9830522,
"Thread": 48169101,
"EventTime": "2021-09-07T22:31:21.778144-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.942332-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9044052aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9044052,
"ParentPID": 9830522,
"Thread": 48169101,
"EventTime": "2021-09-07T22:31:21.778144-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.943032-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09044054",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11468916,
"ParentPID": 9044054,
"Thread": 42991871,
"EventTime": "2021-09-07T22:31:21.798842-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.943556-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9830522/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11468918,
"ParentPID": 9830522,
"Thread": 42991617,
"EventTime": "2021-09-07T22:31:21.798842-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.944254-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9830522",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11468920,
"ParentPID": 9830522,
"Thread": 42991619,
"EventTime": "2021-09-07T22:31:21.808181-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.944950-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9830524,
"ParentPID": 9240584,
"Thread": 44433573,
"EventTime": "2021-09-07T22:31:21.808181-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.945647-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830524,
"ParentPID": 9240584,
"Thread": 44433573,
"EventTime": "2021-09-07T22:31:21.808181-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:21.946336-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240586,
"ParentPID": 5439688,
"Thread": 33882297,
"EventTime": "2021-09-07T22:31:22.801704-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:22.851812-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9830526.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9830526,
"ParentPID": 9240586,
"Thread": 44433575,
"EventTime": "2021-09-07T22:31:22.931236-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:23.154137-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9830526",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11468936,
"ParentPID": 9830526,
"Thread": 42991635,
"EventTime": "2021-09-07T22:31:22.961245-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:23.154899-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11468936,
"ParentPID": 9830526,
"Thread": 42991635,
"EventTime": "2021-09-07T22:31:22.971248-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:23.155603-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468940aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468940,
"ParentPID": 9830526,
"Thread": 42991639,
"EventTime": "2021-09-07T22:31:22.981251-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:23.156307-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468940aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468940,
"ParentPID": 9830526,
"Thread": 42991639,
"EventTime": "2021-09-07T22:31:22.981251-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:23.157013-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468940aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468940,
"ParentPID": 9830526,
"Thread": 42991639,
"EventTime": "2021-09-07T22:31:22.981251-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:23.157837-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9830526/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11468942,
"ParentPID": 9830526,
"Thread": 42991641,
"EventTime": "2021-09-07T22:31:22.991255-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:23.158605-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9830526",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11468944,
"ParentPID": 9830526,
"Thread": 42991643,
"EventTime": "2021-09-07T22:31:22.997340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:23.159322-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9830528,
"ParentPID": 9240586,
"Thread": 44433577,
"EventTime": "2021-09-07T22:31:23.002655-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:23.160022-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830528,
"ParentPID": 9240586,
"Thread": 44433577,
"EventTime": "2021-09-07T22:31:23.002655-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:23.160715-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240588,
"ParentPID": 5439688,
"Thread": 33882299,
"EventTime": "2021-09-07T22:31:34.534681-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:34.577483-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240590,
"ParentPID": 5439688,
"Thread": 33882301,
"EventTime": "2021-09-07T22:31:35.918491-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:36.089756-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240592,
"ParentPID": 5439688,
"Thread": 33882303,
"EventTime": "2021-09-07T22:31:37.297340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:37.303099-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240594,
"ParentPID": 5439688,
"Thread": 33882305,
"EventTime": "2021-09-07T22:31:38.679238-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:38.819015-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9830530.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9830530,
"ParentPID": 9240594,
"Thread": 44433579,
"EventTime": "2021-09-07T22:31:38.807340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:38.819746-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9830530",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11468960,
"ParentPID": 9830530,
"Thread": 42991659,
"EventTime": "2021-09-07T22:31:38.847340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:39.127942-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11468960,
"ParentPID": 9830530,
"Thread": 42991659,
"EventTime": "2021-09-07T22:31:38.847340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:39.128722-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468964aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468964,
"ParentPID": 9830530,
"Thread": 42991663,
"EventTime": "2021-09-07T22:31:38.857341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:39.129436-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468964aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468964,
"ParentPID": 9830530,
"Thread": 42991663,
"EventTime": "2021-09-07T22:31:38.857341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:39.130136-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468964aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468964,
"ParentPID": 9830530,
"Thread": 42991663,
"EventTime": "2021-09-07T22:31:38.867420-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:39.130848-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9830530/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11468970,
"ParentPID": 9830530,
"Thread": 42991669,
"EventTime": "2021-09-07T22:31:38.877340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:39.131557-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9830530",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11468972,
"ParentPID": 9830530,
"Thread": 42991671,
"EventTime": "2021-09-07T22:31:38.879309-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:39.132255-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9830532,
"ParentPID": 9240594,
"Thread": 44433581,
"EventTime": "2021-09-07T22:31:38.879309-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:39.132950-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830532,
"ParentPID": 9240594,
"Thread": 44433581,
"EventTime": "2021-09-07T22:31:38.879309-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:39.133640-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240596,
"ParentPID": 5439688,
"Thread": 33882307,
"EventTime": "2021-09-07T22:31:40.139859-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:40.342119-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9830534.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9830534,
"ParentPID": 9240596,
"Thread": 44433583,
"EventTime": "2021-09-07T22:31:40.270182-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:40.342826-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9830534",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11468988,
"ParentPID": 9830534,
"Thread": 42991687,
"EventTime": "2021-09-07T22:31:40.308264-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:40.343540-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11468988,
"ParentPID": 9830534,
"Thread": 42991687,
"EventTime": "2021-09-07T22:31:40.310194-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:40.344242-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468992aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468992,
"ParentPID": 9830534,
"Thread": 42991691,
"EventTime": "2021-09-07T22:31:40.320908-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:40.344946-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468992aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468992,
"ParentPID": 9830534,
"Thread": 42991691,
"EventTime": "2021-09-07T22:31:40.320908-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:40.345650-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468992aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468992,
"ParentPID": 9830534,
"Thread": 42991691,
"EventTime": "2021-09-07T22:31:40.327340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:40.346340-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9830534/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11468998,
"ParentPID": 9830534,
"Thread": 42991697,
"EventTime": "2021-09-07T22:31:40.337340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:40.347032-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9830534",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11469000,
"ParentPID": 9830534,
"Thread": 42991699,
"EventTime": "2021-09-07T22:31:40.340207-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:40.648128-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9830536,
"ParentPID": 9240596,
"Thread": 44433585,
"EventTime": "2021-09-07T22:31:40.350212-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:40.648891-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830536,
"ParentPID": 9240596,
"Thread": 44433585,
"EventTime": "2021-09-07T22:31:40.350212-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:40.649613-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240598,
"ParentPID": 5439688,
"Thread": 33882309,
"EventTime": "2021-09-07T22:31:41.607340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:31:41.855178-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T22:33:09.550469-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:33:09.581763-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011469022VIHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11469022,
"ParentPID": 9830546,
"Thread": 35586147,
"EventTime": "2021-09-07T22:34:03.149735-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:34:03.383208-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9830554,
"ParentPID": 9240602,
"Thread": 34406515,
"EventTime": "2021-09-07T22:34:03.162340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:34:03.384013-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011469046W3HMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11469046,
"ParentPID": 9830556,
"Thread": 35586171,
"EventTime": "2021-09-07T22:34:03.262345-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:34:03.384754-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830558,
"ParentPID": 6684890,
"Thread": 33882319,
"EventTime": "2021-09-07T22:35:00.368575-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:35:00.509828-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830558,
"ParentPID": 6684890,
"Thread": 33882319,
"EventTime": "2021-09-07T22:35:00.368575-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:35:00.510636-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 21:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830558,
"ParentPID": 6684890,
"Thread": 33882319,
"EventTime": "2021-09-07T22:35:00.368575-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:35:00.511436-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830558,
"ParentPID": 6684890,
"Thread": 33882319,
"EventTime": "2021-09-07T22:35:00.368575-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:35:00.512165-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830564,
"ParentPID": 6684890,
"Thread": 28049543,
"EventTime": "2021-09-07T22:40:00.371153-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:40:00.396866-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830564,
"ParentPID": 6684890,
"Thread": 28049543,
"EventTime": "2021-09-07T22:40:00.371153-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:40:00.397649-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 21:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830564,
"ParentPID": 6684890,
"Thread": 28049543,
"EventTime": "2021-09-07T22:40:00.371153-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:40:00.398391-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830564,
"ParentPID": 6684890,
"Thread": 28049543,
"EventTime": "2021-09-07T22:40:00.381156-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:40:00.399119-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830566,
"ParentPID": 5439688,
"Thread": 28049551,
"EventTime": "2021-09-07T22:42:26.467680-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:42:26.769319-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830568,
"ParentPID": 6684890,
"Thread": 35913885,
"EventTime": "2021-09-07T22:45:00.384994-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:45:00.606450-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830568,
"ParentPID": 6684890,
"Thread": 35913885,
"EventTime": "2021-09-07T22:45:00.384994-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:45:00.607209-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 21:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830568,
"ParentPID": 6684890,
"Thread": 35913885,
"EventTime": "2021-09-07T22:45:00.390342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:45:00.607957-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830568,
"ParentPID": 6684890,
"Thread": 35913885,
"EventTime": "2021-09-07T22:45:00.390342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:45:00.608690-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09830570",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11469052,
"ParentPID": 9830570,
"Thread": 29491229,
"EventTime": "2021-09-07T22:45:00.410346-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:45:00.609224-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371856Qy0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371856,
"ParentPID": 11468806,
"Thread": 30277837,
"EventTime": "2021-09-07T22:49:03.381340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:49:03.463904-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468814,
"ParentPID": 9830576,
"Thread": 41877551,
"EventTime": "2021-09-07T22:49:03.402684-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:49:03.464646-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371880Ri0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371880,
"ParentPID": 11468816,
"Thread": 30277861,
"EventTime": "2021-09-07T22:49:03.501340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:49:03.772217-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468818,
"ParentPID": 6684890,
"Thread": 43253793,
"EventTime": "2021-09-07T22:50:00.389809-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:50:00.582551-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468818,
"ParentPID": 6684890,
"Thread": 43253793,
"EventTime": "2021-09-07T22:50:00.389809-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:50:00.583312-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 21:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468818,
"ParentPID": 6684890,
"Thread": 43253793,
"EventTime": "2021-09-07T22:50:00.399341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:50:00.584048-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468818,
"ParentPID": 6684890,
"Thread": 43253793,
"EventTime": "2021-09-07T22:50:00.399812-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:50:00.584771-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468820,
"ParentPID": 6684890,
"Thread": 50462727,
"EventTime": "2021-09-07T22:55:00.407952-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:55:00.559198-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468820,
"ParentPID": 6684890,
"Thread": 50462727,
"EventTime": "2021-09-07T22:55:00.407952-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:55:00.560012-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 21:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468820,
"ParentPID": 6684890,
"Thread": 50462727,
"EventTime": "2021-09-07T22:55:00.409340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:55:00.560803-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468820,
"ParentPID": 6684890,
"Thread": 50462727,
"EventTime": "2021-09-07T22:55:00.409340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T22:55:00.561538-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468826,
"ParentPID": 6684890,
"Thread": 45351083,
"EventTime": "2021-09-07T23:00:00.410075-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:00:00.447419-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468826,
"ParentPID": 6684890,
"Thread": 45351083,
"EventTime": "2021-09-07T23:00:00.410075-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:00:00.448207-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 22:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468826,
"ParentPID": 6684890,
"Thread": 45351083,
"EventTime": "2021-09-07T23:00:00.419342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:00:00.448944-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468826,
"ParentPID": 6684890,
"Thread": 45351083,
"EventTime": "2021-09-07T23:00:00.420078-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:00:00.449723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830598LeB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830598,
"ParentPID": 11468838,
"Thread": 32178355,
"EventTime": "2021-09-07T23:04:03.627499-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:04:03.862199-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468846,
"ParentPID": 9371890,
"Thread": 44957765,
"EventTime": "2021-09-07T23:04:03.641340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:04:03.863012-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830622LQB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830622,
"ParentPID": 11468848,
"Thread": 32178379,
"EventTime": "2021-09-07T23:04:03.741430-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:04:03.863737-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468850,
"ParentPID": 6684890,
"Thread": 45875423,
"EventTime": "2021-09-07T23:05:00.423117-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:05:00.635225-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468850,
"ParentPID": 6684890,
"Thread": 45875423,
"EventTime": "2021-09-07T23:05:00.423117-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:05:00.636053-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 22:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468850,
"ParentPID": 6684890,
"Thread": 45875423,
"EventTime": "2021-09-07T23:05:00.429340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:05:00.636790-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468850,
"ParentPID": 6684890,
"Thread": 45875423,
"EventTime": "2021-09-07T23:05:00.430473-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:05:00.637527-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468852,
"ParentPID": 6684890,
"Thread": 47251561,
"EventTime": "2021-09-07T23:10:00.431818-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:10:00.547978-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468852,
"ParentPID": 6684890,
"Thread": 47251561,
"EventTime": "2021-09-07T23:10:00.431818-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:10:00.548805-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 22:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468852,
"ParentPID": 6684890,
"Thread": 47251561,
"EventTime": "2021-09-07T23:10:00.439340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:10:00.549658-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468852,
"ParentPID": 6684890,
"Thread": 47251561,
"EventTime": "2021-09-07T23:10:00.439340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:10:00.550456-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468854,
"ParentPID": 6684890,
"Thread": 35717139,
"EventTime": "2021-09-07T23:15:00.446470-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:15:00.747611-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468854,
"ParentPID": 6684890,
"Thread": 35717139,
"EventTime": "2021-09-07T23:15:00.446470-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:15:00.748385-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 22:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468854,
"ParentPID": 6684890,
"Thread": 35717139,
"EventTime": "2021-09-07T23:15:00.446470-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:15:00.749126-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468854,
"ParentPID": 6684890,
"Thread": 35717139,
"EventTime": "2021-09-07T23:15:00.446470-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:15:00.749872-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830644FMB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830644,
"ParentPID": 9371900,
"Thread": 48037923,
"EventTime": "2021-09-07T23:19:03.869202-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:19:04.107569-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371652,
"ParentPID": 11468856,
"Thread": 42729575,
"EventTime": "2021-09-07T23:19:03.881342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:19:04.108379-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830412G7B7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830412,
"ParentPID": 9371654,
"Thread": 48037947,
"EventTime": "2021-09-07T23:19:03.981340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:19:04.109101-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830414,
"ParentPID": 6684890,
"Thread": 29491243,
"EventTime": "2021-09-07T23:20:00.455525-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:20:00.607269-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830414,
"ParentPID": 6684890,
"Thread": 29491243,
"EventTime": "2021-09-07T23:20:00.455525-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:20:00.608093-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 22:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830414,
"ParentPID": 6684890,
"Thread": 29491243,
"EventTime": "2021-09-07T23:20:00.455525-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:20:00.608841-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830414,
"ParentPID": 6684890,
"Thread": 29491243,
"EventTime": "2021-09-07T23:20:00.455525-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:20:00.609590-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830416,
"ParentPID": 6684890,
"Thread": 33882363,
"EventTime": "2021-09-07T23:25:00.468393-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:25:00.497273-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830416,
"ParentPID": 6684890,
"Thread": 33882363,
"EventTime": "2021-09-07T23:25:00.468393-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:25:00.498092-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 22:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830416,
"ParentPID": 6684890,
"Thread": 33882363,
"EventTime": "2021-09-07T23:25:00.468393-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:25:00.498846-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830416,
"ParentPID": 6684890,
"Thread": 33882363,
"EventTime": "2021-09-07T23:25:00.468393-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:25:00.499591-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830418,
"ParentPID": 6684890,
"Thread": 20250869,
"EventTime": "2021-09-07T23:30:00.475986-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:30:00.667459-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830418,
"ParentPID": 6684890,
"Thread": 20250869,
"EventTime": "2021-09-07T23:30:00.475986-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:30:00.668237-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 22:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830418,
"ParentPID": 6684890,
"Thread": 20250869,
"EventTime": "2021-09-07T23:30:00.478340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:30:00.669034-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830418,
"ParentPID": 6684890,
"Thread": 20250869,
"EventTime": "2021-09-07T23:30:00.478340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:30:00.669828-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-07T23:33:09.432339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:33:09.643558-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485896A3Eaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485896,
"ParentPID": 10551518,
"Thread": 29032581,
"EventTime": "2021-09-07T23:34:04.108599-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:34:04.366887-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551526,
"ParentPID": 9830422,
"Thread": 45351109,
"EventTime": "2021-09-07T23:34:04.120340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:34:04.367699-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485920BmEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485920,
"ParentPID": 10551528,
"Thread": 29032605,
"EventTime": "2021-09-07T23:34:04.220341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:34:04.368425-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830424,
"ParentPID": 6684890,
"Thread": 39256153,
"EventTime": "2021-09-07T23:35:00.483204-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:35:00.573855-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830424,
"ParentPID": 6684890,
"Thread": 39256153,
"EventTime": "2021-09-07T23:35:00.483204-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:35:00.574674-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 22:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830424,
"ParentPID": 6684890,
"Thread": 39256153,
"EventTime": "2021-09-07T23:35:00.488340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:35:00.575426-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830424,
"ParentPID": 6684890,
"Thread": 39256153,
"EventTime": "2021-09-07T23:35:00.489626-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:35:00.576166-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830426,
"ParentPID": 5439688,
"Thread": 37552363,
"EventTime": "2021-09-07T23:37:15.635629-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:15.799942-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485922.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485922,
"ParentPID": 9830426,
"Thread": 38666487,
"EventTime": "2021-09-07T23:37:15.765985-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:15.800695-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09240660",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10551530,
"ParentPID": 9240660,
"Thread": 40566975,
"EventTime": "2021-09-07T23:37:15.785991-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:15.801228-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485922",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9240668,
"ParentPID": 10485922,
"Thread": 37093523,
"EventTime": "2021-09-07T23:37:15.814396-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.105164-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9240668,
"ParentPID": 10485922,
"Thread": 37093523,
"EventTime": "2021-09-07T23:37:15.816002-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.105962-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240672aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240672,
"ParentPID": 10485922,
"Thread": 37093527,
"EventTime": "2021-09-07T23:37:15.826005-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.106680-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240672aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240672,
"ParentPID": 10485922,
"Thread": 37093527,
"EventTime": "2021-09-07T23:37:15.826005-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.107401-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240672aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240672,
"ParentPID": 10485922,
"Thread": 37093527,
"EventTime": "2021-09-07T23:37:15.834340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.108107-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485922/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9240678,
"ParentPID": 10485922,
"Thread": 37093533,
"EventTime": "2021-09-07T23:37:15.844376-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.108811-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485922",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9240680,
"ParentPID": 10485922,
"Thread": 37093535,
"EventTime": "2021-09-07T23:37:15.846012-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.109517-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485924,
"ParentPID": 9830426,
"Thread": 38666489,
"EventTime": "2021-09-07T23:37:15.849163-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.110209-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485924,
"ParentPID": 9830426,
"Thread": 38666489,
"EventTime": "2021-09-07T23:37:15.849163-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.110918-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830428,
"ParentPID": 5439688,
"Thread": 37552365,
"EventTime": "2021-09-07T23:37:16.354340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.415183-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485926.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485926,
"ParentPID": 9830428,
"Thread": 38666491,
"EventTime": "2021-09-07T23:37:16.484347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.719121-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485926",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9240696,
"ParentPID": 10485926,
"Thread": 37093551,
"EventTime": "2021-09-07T23:37:16.514340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.719920-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9240696,
"ParentPID": 10485926,
"Thread": 37093551,
"EventTime": "2021-09-07T23:37:16.524382-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.720650-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240700aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240700,
"ParentPID": 10485926,
"Thread": 37093555,
"EventTime": "2021-09-07T23:37:16.527798-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.721375-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240700aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240700,
"ParentPID": 10485926,
"Thread": 37093555,
"EventTime": "2021-09-07T23:37:16.534341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.722091-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240700aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240700,
"ParentPID": 10485926,
"Thread": 37093555,
"EventTime": "2021-09-07T23:37:16.534341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.722803-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485926/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9240702,
"ParentPID": 10485926,
"Thread": 37093557,
"EventTime": "2021-09-07T23:37:16.544340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.723506-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485926",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9240704,
"ParentPID": 10485926,
"Thread": 37093559,
"EventTime": "2021-09-07T23:37:16.549934-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.724206-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485928,
"ParentPID": 9830428,
"Thread": 38666493,
"EventTime": "2021-09-07T23:37:16.549934-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.724966-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485928,
"ParentPID": 9830428,
"Thread": 38666493,
"EventTime": "2021-09-07T23:37:16.549934-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:37:16.725730-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830430,
"ParentPID": 6684890,
"Thread": 29032613,
"EventTime": "2021-09-07T23:40:00.489734-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:40:00.773968-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830430,
"ParentPID": 6684890,
"Thread": 29032613,
"EventTime": "2021-09-07T23:40:00.489734-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:40:00.774781-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 22:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830430,
"ParentPID": 6684890,
"Thread": 29032613,
"EventTime": "2021-09-07T23:40:00.498341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:40:00.775522-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830430,
"ParentPID": 6684890,
"Thread": 29032613,
"EventTime": "2021-09-07T23:40:00.499738-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:40:00.776253-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830432,
"ParentPID": 6684890,
"Thread": 37552383,
"EventTime": "2021-09-07T23:45:00.502876-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:45:00.621338-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830432,
"ParentPID": 6684890,
"Thread": 37552383,
"EventTime": "2021-09-07T23:45:00.502876-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:45:00.622109-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 22:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830432,
"ParentPID": 6684890,
"Thread": 37552383,
"EventTime": "2021-09-07T23:45:00.508340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:45:00.622857-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830432,
"ParentPID": 6684890,
"Thread": 37552383,
"EventTime": "2021-09-07T23:45:00.508340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:45:00.623607-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830434,
"ParentPID": 5439688,
"Thread": 49938447,
"EventTime": "2021-09-07T23:46:12.020901-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:46:12.126223-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00092407266i0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240726,
"ParentPID": 9830446,
"Thread": 36306975,
"EventTime": "2021-09-07T23:49:04.350370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:49:04.608066-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9830454,
"ParentPID": 10485932,
"Thread": 38535291,
"EventTime": "2021-09-07T23:49:04.367669-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:49:04.608835-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00092407506U0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240750,
"ParentPID": 9830456,
"Thread": 36306999,
"EventTime": "2021-09-07T23:49:04.466721-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:49:04.609568-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485934,
"ParentPID": 6684890,
"Thread": 20906053,
"EventTime": "2021-09-07T23:50:00.514046-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:50:00.815719-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485934,
"ParentPID": 6684890,
"Thread": 20906053,
"EventTime": "2021-09-07T23:50:00.514046-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:50:00.816526-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 22:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485934,
"ParentPID": 6684890,
"Thread": 20906053,
"EventTime": "2021-09-07T23:50:00.518340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:50:00.817263-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485934,
"ParentPID": 6684890,
"Thread": 20906053,
"EventTime": "2021-09-07T23:50:00.518340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:50:00.817992-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485936,
"ParentPID": 6684890,
"Thread": 42598463,
"EventTime": "2021-09-07T23:55:00.525221-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:55:00.722660-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485936,
"ParentPID": 6684890,
"Thread": 42598463,
"EventTime": "2021-09-07T23:55:00.525221-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:55:00.723468-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 22:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485936,
"ParentPID": 6684890,
"Thread": 42598463,
"EventTime": "2021-09-07T23:55:00.525221-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:55:00.724230-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485936,
"ParentPID": 6684890,
"Thread": 42598463,
"EventTime": "2021-09-07T23:55:00.525221-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-07T23:55:00.724968-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485938,
"ParentPID": 6684890,
"Thread": 30933027,
"EventTime": "2021-09-08T00:00:00.533294-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:00:00.794876-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485938,
"ParentPID": 6684890,
"Thread": 30933027,
"EventTime": "2021-09-08T00:00:00.533294-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:00:00.795694-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 23:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485938,
"ParentPID": 6684890,
"Thread": 30933027,
"EventTime": "2021-09-08T00:00:00.533294-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:00:00.796452-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485938,
"ParentPID": 6684890,
"Thread": 30933027,
"EventTime": "2021-09-08T00:00:00.537340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:00:00.797196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240772zU0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240772,
"ParentPID": 10485950,
"Thread": 38469637,
"EventTime": "2021-09-08T00:04:04.589341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:04:04.802756-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485958,
"ParentPID": 9830462,
"Thread": 31654043,
"EventTime": "2021-09-08T00:04:04.607910-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:04:04.803552-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00092407961A0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240796,
"ParentPID": 10485960,
"Thread": 38469661,
"EventTime": "2021-09-08T00:04:04.701666-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:04:04.804277-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830464,
"ParentPID": 5439688,
"Thread": 49348863,
"EventTime": "2021-09-08T00:04:57.087340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:04:57.358121-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830466,
"ParentPID": 5439688,
"Thread": 49348609,
"EventTime": "2021-09-08T00:04:57.350642-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:04:57.358951-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830468,
"ParentPID": 5439688,
"Thread": 49348611,
"EventTime": "2021-09-08T00:04:57.617996-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:04:57.668172-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830470,
"ParentPID": 5439688,
"Thread": 49348613,
"EventTime": "2021-09-08T00:04:57.751990-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:04:57.969774-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830472,
"ParentPID": 5439688,
"Thread": 49348615,
"EventTime": "2021-09-08T00:04:58.027340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:04:58.278164-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830474,
"ParentPID": 5439688,
"Thread": 49348617,
"EventTime": "2021-09-08T00:04:58.297340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:04:58.581456-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830476,
"ParentPID": 5439688,
"Thread": 44564627,
"EventTime": "2021-09-08T00:04:59.587340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:04:59.795154-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830478,
"ParentPID": 5439688,
"Thread": 44564629,
"EventTime": "2021-09-08T00:04:59.852436-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:05:00.101905-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830480,
"ParentPID": 5439688,
"Thread": 44564631,
"EventTime": "2021-09-08T00:05:00.107340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:05:00.406792-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830482,
"ParentPID": 5439688,
"Thread": 44564633,
"EventTime": "2021-09-08T00:05:00.374858-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:05:00.407630-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240798,
"ParentPID": 6684890,
"Thread": 37748757,
"EventTime": "2021-09-08T00:05:00.546312-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:05:00.712870-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240798,
"ParentPID": 6684890,
"Thread": 37748757,
"EventTime": "2021-09-08T00:05:00.546312-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:05:00.713670-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 23:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240798,
"ParentPID": 6684890,
"Thread": 37748757,
"EventTime": "2021-09-08T00:05:00.546312-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:05:00.714404-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240798,
"ParentPID": 6684890,
"Thread": 37748757,
"EventTime": "2021-09-08T00:05:00.547340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:05:00.715134-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10551316",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9371732,
"ParentPID": 10551316,
"Thread": 44367975,
"EventTime": "2021-09-08T00:05:00.561877-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:05:00.715671-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830484,
"ParentPID": 6684890,
"Thread": 46923895,
"EventTime": "2021-09-08T00:10:00.567340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:10:00.613163-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830484,
"ParentPID": 6684890,
"Thread": 46923895,
"EventTime": "2021-09-08T00:10:00.567340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:10:00.613973-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 23:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830484,
"ParentPID": 6684890,
"Thread": 46923895,
"EventTime": "2021-09-08T00:10:00.567340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:10:00.614716-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830484,
"ParentPID": 6684890,
"Thread": 46923895,
"EventTime": "2021-09-08T00:10:00.567340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:10:00.615440-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830486,
"ParentPID": 6684890,
"Thread": 31588479,
"EventTime": "2021-09-08T00:15:00.578086-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:00.879206-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830486,
"ParentPID": 6684890,
"Thread": 31588479,
"EventTime": "2021-09-08T00:15:00.578086-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:00.880015-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 23:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830486,
"ParentPID": 6684890,
"Thread": 31588479,
"EventTime": "2021-09-08T00:15:00.578086-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:00.880764-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830486,
"ParentPID": 6684890,
"Thread": 31588479,
"EventTime": "2021-09-08T00:15:00.578086-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:00.881499-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830488,
"ParentPID": 5439688,
"Thread": 31588481,
"EventTime": "2021-09-08T00:15:10.411215-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:10.512116-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240800.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240800,
"ParentPID": 9830488,
"Thread": 46465143,
"EventTime": "2021-09-08T00:15:10.421217-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:10.512862-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240800",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551332,
"ParentPID": 9240800,
"Thread": 38338689,
"EventTime": "2021-09-08T00:15:10.451227-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:10.513587-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551332,
"ParentPID": 9240800,
"Thread": 38338689,
"EventTime": "2021-09-08T00:15:10.461231-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:10.514304-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551336aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551336,
"ParentPID": 9240800,
"Thread": 38338693,
"EventTime": "2021-09-08T00:15:10.471234-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:10.515016-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551336aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551336,
"ParentPID": 9240800,
"Thread": 38338693,
"EventTime": "2021-09-08T00:15:10.471234-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:10.515725-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551336aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551336,
"ParentPID": 9240800,
"Thread": 38338693,
"EventTime": "2021-09-08T00:15:10.474661-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:10.516421-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240800/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551338,
"ParentPID": 9240800,
"Thread": 38338695,
"EventTime": "2021-09-08T00:15:10.481237-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:10.517114-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240800",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551340,
"ParentPID": 9240800,
"Thread": 38338697,
"EventTime": "2021-09-08T00:15:10.487340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:10.517864-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240802,
"ParentPID": 9830488,
"Thread": 46465145,
"EventTime": "2021-09-08T00:15:10.491240-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:10.518613-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240802,
"ParentPID": 9830488,
"Thread": 46465145,
"EventTime": "2021-09-08T00:15:10.491240-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:10.519320-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sshd",
"PID": 9830488,
"ParentPID": 5439688,
"Thread": 31588481,
"EventTime": "2021-09-08T00:15:10.707340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:10.823069-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "sshd",
"PID": 9830488,
"ParentPID": 5439688,
"Thread": 31588481,
"EventTime": "2021-09-08T00:15:10.707340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:15:10.823848-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240826uE0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240826,
"ParentPID": 9830498,
"Thread": 47906845,
"EventTime": "2021-09-08T00:19:04.828341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:19:04.885188-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9830506,
"ParentPID": 10551344,
"Thread": 37093589,
"EventTime": "2021-09-08T00:19:04.848341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:19:04.885940-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240594vu0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240594,
"ParentPID": 9830508,
"Thread": 47906869,
"EventTime": "2021-09-08T00:19:04.948341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:19:05.189172-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830510,
"ParentPID": 6684890,
"Thread": 41418807,
"EventTime": "2021-09-08T00:20:00.587423-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:20:00.778767-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830510,
"ParentPID": 6684890,
"Thread": 41418807,
"EventTime": "2021-09-08T00:20:00.587423-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:20:00.779577-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 23:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830510,
"ParentPID": 6684890,
"Thread": 41418807,
"EventTime": "2021-09-08T00:20:00.587423-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:20:00.780323-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830510,
"ParentPID": 6684890,
"Thread": 41418807,
"EventTime": "2021-09-08T00:20:00.587423-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:20:00.781054-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830512,
"ParentPID": 6684890,
"Thread": 47644803,
"EventTime": "2021-09-08T00:25:00.597208-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:25:00.676225-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830512,
"ParentPID": 6684890,
"Thread": 47644803,
"EventTime": "2021-09-08T00:25:00.597208-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:25:00.677101-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 23:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830512,
"ParentPID": 6684890,
"Thread": 47644803,
"EventTime": "2021-09-08T00:25:00.598447-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:25:00.677909-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830512,
"ParentPID": 6684890,
"Thread": 47644803,
"EventTime": "2021-09-08T00:25:00.598447-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:25:00.678637-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830514,
"ParentPID": 6684890,
"Thread": 37093599,
"EventTime": "2021-09-08T00:30:00.605341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:30:00.877058-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830514,
"ParentPID": 6684890,
"Thread": 37093599,
"EventTime": "2021-09-08T00:30:00.605341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:30:00.878005-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 23:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830514,
"ParentPID": 6684890,
"Thread": 37093599,
"EventTime": "2021-09-08T00:30:00.607128-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:30:00.878771-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830514,
"ParentPID": 6684890,
"Thread": 37093599,
"EventTime": "2021-09-08T00:30:00.607128-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:30:00.879508-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830516,
"ParentPID": 5439688,
"Thread": 35913935,
"EventTime": "2021-09-08T00:31:14.013340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.194324-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240596.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240596,
"ParentPID": 9830516,
"Thread": 44171407,
"EventTime": "2021-09-08T00:31:14.143340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.195101-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240596",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11468932,
"ParentPID": 9240596,
"Thread": 30605447,
"EventTime": "2021-09-08T00:31:14.173340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.195826-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11468932,
"ParentPID": 9240596,
"Thread": 30605447,
"EventTime": "2021-09-08T00:31:14.183340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.196541-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468936aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468936,
"ParentPID": 9240596,
"Thread": 30605451,
"EventTime": "2021-09-08T00:31:14.193355-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.502773-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468936aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468936,
"ParentPID": 9240596,
"Thread": 30605451,
"EventTime": "2021-09-08T00:31:14.193355-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.503554-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468936aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468936,
"ParentPID": 9240596,
"Thread": 30605451,
"EventTime": "2021-09-08T00:31:14.201110-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.504289-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240596/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11468942,
"ParentPID": 9240596,
"Thread": 30605457,
"EventTime": "2021-09-08T00:31:14.211113-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.505060-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240596",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11468944,
"ParentPID": 9240596,
"Thread": 30605459,
"EventTime": "2021-09-08T00:31:14.213341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.505772-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240598,
"ParentPID": 9830516,
"Thread": 44171409,
"EventTime": "2021-09-08T00:31:14.213341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.506489-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240598,
"ParentPID": 9830516,
"Thread": 44171409,
"EventTime": "2021-09-08T00:31:14.213341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.507187-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830518,
"ParentPID": 5439688,
"Thread": 35913937,
"EventTime": "2021-09-08T00:31:14.613340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.816803-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240600.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240600,
"ParentPID": 9830518,
"Thread": 44171411,
"EventTime": "2021-09-08T00:31:14.743773-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.817550-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240600",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11468960,
"ParentPID": 9240600,
"Thread": 30605475,
"EventTime": "2021-09-08T00:31:14.774161-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.818276-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11468960,
"ParentPID": 9240600,
"Thread": 30605475,
"EventTime": "2021-09-08T00:31:14.783366-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.818998-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468964aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468964,
"ParentPID": 9240600,
"Thread": 30605479,
"EventTime": "2021-09-08T00:31:14.783366-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.819709-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468964aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468964,
"ParentPID": 9240600,
"Thread": 30605479,
"EventTime": "2021-09-08T00:31:14.792644-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.820420-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468964aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468964,
"ParentPID": 9240600,
"Thread": 30605479,
"EventTime": "2021-09-08T00:31:14.793785-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.821113-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240600/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11468970,
"ParentPID": 9240600,
"Thread": 30605485,
"EventTime": "2021-09-08T00:31:14.803341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.826772-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240600",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11468972,
"ParentPID": 9240600,
"Thread": 30605487,
"EventTime": "2021-09-08T00:31:14.803341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:14.827495-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11468974",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10486002,
"ParentPID": 11468974,
"Thread": 42008795,
"EventTime": "2021-09-08T00:31:14.825645-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:15.134030-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240602,
"ParentPID": 9830518,
"Thread": 44171413,
"EventTime": "2021-09-08T00:31:14.825645-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:15.134844-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240602,
"ParentPID": 9830518,
"Thread": 44171413,
"EventTime": "2021-09-08T00:31:14.825645-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:15.135584-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830520,
"ParentPID": 5439688,
"Thread": 35913939,
"EventTime": "2021-09-08T00:31:15.815304-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:16.046629-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240604.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240604,
"ParentPID": 9830520,
"Thread": 44171415,
"EventTime": "2021-09-08T00:31:15.946971-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:16.047473-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240604",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11468990,
"ParentPID": 9240604,
"Thread": 30605505,
"EventTime": "2021-09-08T00:31:15.975670-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:16.048214-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11468990,
"ParentPID": 9240604,
"Thread": 30605505,
"EventTime": "2021-09-08T00:31:15.985707-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:16.048935-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468994aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468994,
"ParentPID": 9240604,
"Thread": 30605509,
"EventTime": "2021-09-08T00:31:15.995712-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:16.049647-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468994aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468994,
"ParentPID": 9240604,
"Thread": 30605509,
"EventTime": "2021-09-08T00:31:15.995712-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:16.050358-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468994aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468994,
"ParentPID": 9240604,
"Thread": 30605509,
"EventTime": "2021-09-08T00:31:15.996983-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:16.051064-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240604/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11469000,
"ParentPID": 9240604,
"Thread": 30605515,
"EventTime": "2021-09-08T00:31:16.005714-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:16.051767-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240604",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11469002,
"ParentPID": 9240604,
"Thread": 30605517,
"EventTime": "2021-09-08T00:31:16.005714-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:16.052484-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240606,
"ParentPID": 9830520,
"Thread": 44171417,
"EventTime": "2021-09-08T00:31:16.015717-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:16.053177-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240606,
"ParentPID": 9830520,
"Thread": 44171417,
"EventTime": "2021-09-08T00:31:16.015717-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:16.053905-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830522,
"ParentPID": 5439688,
"Thread": 35913941,
"EventTime": "2021-09-08T00:31:27.542340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:27.785078-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830524,
"ParentPID": 5439688,
"Thread": 35913943,
"EventTime": "2021-09-08T00:31:28.922340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:28.991976-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830526,
"ParentPID": 5439688,
"Thread": 35913945,
"EventTime": "2021-09-08T00:31:30.306304-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:30.496049-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830528,
"ParentPID": 5439688,
"Thread": 35913947,
"EventTime": "2021-09-08T00:31:31.688421-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:31.708224-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240608.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240608,
"ParentPID": 9830528,
"Thread": 44171419,
"EventTime": "2021-09-08T00:31:31.818754-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:32.009910-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240608",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11469018,
"ParentPID": 9240608,
"Thread": 30605533,
"EventTime": "2021-09-08T00:31:31.853818-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:32.010723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11469018,
"ParentPID": 9240608,
"Thread": 30605533,
"EventTime": "2021-09-08T00:31:31.858767-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:32.011460-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469022aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469022,
"ParentPID": 9240608,
"Thread": 30605537,
"EventTime": "2021-09-08T00:31:31.868770-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:32.012233-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469022aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469022,
"ParentPID": 9240608,
"Thread": 30605537,
"EventTime": "2021-09-08T00:31:31.868770-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:32.013754-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469022aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469022,
"ParentPID": 9240608,
"Thread": 30605537,
"EventTime": "2021-09-08T00:31:31.872341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:32.014499-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240608/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11469028,
"ParentPID": 9240608,
"Thread": 30605543,
"EventTime": "2021-09-08T00:31:31.882340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:32.015218-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240608",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11469030,
"ParentPID": 9240608,
"Thread": 30605545,
"EventTime": "2021-09-08T00:31:31.882340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:32.015933-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240610,
"ParentPID": 9830528,
"Thread": 44171421,
"EventTime": "2021-09-08T00:31:31.888780-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:32.016648-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240610,
"ParentPID": 9830528,
"Thread": 44171421,
"EventTime": "2021-09-08T00:31:31.888780-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:32.017350-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830530,
"ParentPID": 5439688,
"Thread": 35913949,
"EventTime": "2021-09-08T00:31:33.152340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:33.221926-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240612.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240612,
"ParentPID": 9830530,
"Thread": 44171423,
"EventTime": "2021-09-08T00:31:33.282365-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:33.523200-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240612",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11469046,
"ParentPID": 9240612,
"Thread": 30605561,
"EventTime": "2021-09-08T00:31:33.313239-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:33.524022-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11469046,
"ParentPID": 9240612,
"Thread": 30605561,
"EventTime": "2021-09-08T00:31:33.313239-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:33.524755-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469050aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469050,
"ParentPID": 9240612,
"Thread": 30605565,
"EventTime": "2021-09-08T00:31:33.322587-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:33.525483-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469050aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469050,
"ParentPID": 9240612,
"Thread": 30605565,
"EventTime": "2021-09-08T00:31:33.322587-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:33.526207-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11469050aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11469050,
"ParentPID": 9240612,
"Thread": 30605565,
"EventTime": "2021-09-08T00:31:33.332589-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:33.526927-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240612/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11469052,
"ParentPID": 9240612,
"Thread": 30605567,
"EventTime": "2021-09-08T00:31:33.342592-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:33.527638-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240612",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11469054,
"ParentPID": 9240612,
"Thread": 30605313,
"EventTime": "2021-09-08T00:31:33.342592-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:33.528340-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240614,
"ParentPID": 9830530,
"Thread": 44171425,
"EventTime": "2021-09-08T00:31:33.342592-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:33.529046-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240614,
"ParentPID": 9830530,
"Thread": 44171425,
"EventTime": "2021-09-08T00:31:33.342592-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:33.529743-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830532,
"ParentPID": 5439688,
"Thread": 35913951,
"EventTime": "2021-09-08T00:31:34.613420-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:31:34.737180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T00:33:09.309939-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:33:09.461203-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468820puHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468820,
"ParentPID": 9240624,
"Thread": 22937827,
"EventTime": "2021-09-08T00:34:05.067341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:34:05.358189-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240632,
"ParentPID": 9830536,
"Thread": 32964703,
"EventTime": "2021-09-08T00:34:05.087341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:34:05.359001-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468844qaHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468844,
"ParentPID": 9240634,
"Thread": 22937851,
"EventTime": "2021-09-08T00:34:05.187370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:34:05.359727-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830538,
"ParentPID": 6684890,
"Thread": 35913961,
"EventTime": "2021-09-08T00:35:00.614728-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:35:00.676223-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830538,
"ParentPID": 6684890,
"Thread": 35913961,
"EventTime": "2021-09-08T00:35:00.614728-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:35:00.677041-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 23:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830538,
"ParentPID": 6684890,
"Thread": 35913961,
"EventTime": "2021-09-08T00:35:00.617597-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:35:00.677797-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830538,
"ParentPID": 6684890,
"Thread": 35913961,
"EventTime": "2021-09-08T00:35:00.617597-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:35:00.678527-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830540,
"ParentPID": 5439688,
"Thread": 44171435,
"EventTime": "2021-09-08T00:39:59.654340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:39:59.700246-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830542,
"ParentPID": 6684890,
"Thread": 44171437,
"EventTime": "2021-09-08T00:40:00.624340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:40:00.913637-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830542,
"ParentPID": 6684890,
"Thread": 44171437,
"EventTime": "2021-09-08T00:40:00.624340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:40:00.914434-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 23:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830542,
"ParentPID": 6684890,
"Thread": 44171437,
"EventTime": "2021-09-08T00:40:00.625807-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:40:00.915207-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830542,
"ParentPID": 6684890,
"Thread": 44171437,
"EventTime": "2021-09-08T00:40:00.625807-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:40:00.916002-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830544,
"ParentPID": 6684890,
"Thread": 39780555,
"EventTime": "2021-09-08T00:45:00.634340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:45:00.841445-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830544,
"ParentPID": 6684890,
"Thread": 39780555,
"EventTime": "2021-09-08T00:45:00.634340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:45:00.842267-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 23:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830544,
"ParentPID": 6684890,
"Thread": 39780555,
"EventTime": "2021-09-08T00:45:00.634340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:45:00.843024-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830544,
"ParentPID": 6684890,
"Thread": 39780555,
"EventTime": "2021-09-08T00:45:00.634340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:45:00.843787-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468866kaHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468866,
"ParentPID": 9240644,
"Thread": 38928473,
"EventTime": "2021-09-08T00:49:05.309607-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:49:05.460590-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240652,
"ParentPID": 9830546,
"Thread": 39190611,
"EventTime": "2021-09-08T00:49:05.326340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:49:05.461364-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468890kIHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468890,
"ParentPID": 9240654,
"Thread": 38928497,
"EventTime": "2021-09-08T00:49:05.426341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:49:05.462098-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11468892",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9371798,
"ParentPID": 11468892,
"Thread": 46203135,
"EventTime": "2021-09-08T00:49:05.439652-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:49:05.462642-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468894,
"ParentPID": 6684890,
"Thread": 44171457,
"EventTime": "2021-09-08T00:50:00.643104-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:50:00.764273-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468894,
"ParentPID": 6684890,
"Thread": 44171457,
"EventTime": "2021-09-08T00:50:00.643104-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:50:00.765059-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 23:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468894,
"ParentPID": 6684890,
"Thread": 44171457,
"EventTime": "2021-09-08T00:50:00.643104-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:50:00.765861-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468894,
"ParentPID": 6684890,
"Thread": 44171457,
"EventTime": "2021-09-08T00:50:00.643104-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:50:00.766598-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830550,
"ParentPID": 6684890,
"Thread": 40697905,
"EventTime": "2021-09-08T00:55:00.657013-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.673382-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830550,
"ParentPID": 6684890,
"Thread": 40697905,
"EventTime": "2021-09-08T00:55:00.657013-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.674148-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /var/perf/pm/bin/pmcfg >/dev/null 2>&1 #Enable PM Data Collection time = Tue Aug 17 23:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830550,
"ParentPID": 6684890,
"Thread": 40697905,
"EventTime": "2021-09-08T00:55:00.657013-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.674904-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830550,
"ParentPID": 6684890,
"Thread": 40697905,
"EventTime": "2021-09-08T00:55:00.657013-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.675696-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468898,
"ParentPID": 6684890,
"Thread": 31916149,
"EventTime": "2021-09-08T00:55:00.667016-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.676426-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468898,
"ParentPID": 6684890,
"Thread": 31916149,
"EventTime": "2021-09-08T00:55:00.667016-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.677161-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Tue Aug 17 23:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468898,
"ParentPID": 6684890,
"Thread": 31916149,
"EventTime": "2021-09-08T00:55:00.667016-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.677883-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468898,
"ParentPID": 6684890,
"Thread": 31916149,
"EventTime": "2021-09-08T00:55:00.669563-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.678597-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/perf/daily/persistent.db",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "topasout",
"PID": 9240656,
"ParentPID": 11468912,
"Thread": 48890043,
"EventTime": "2021-09-08T00:55:00.737359-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.985256-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /var/perf/pm/daily",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "find",
"PID": 11468918,
"ParentPID": 9830550,
"Thread": 31916169,
"EventTime": "2021-09-08T00:55:00.757045-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.986112-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: p1220-pvm1",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "find",
"PID": 11468918,
"ParentPID": 9830550,
"Thread": 31916169,
"EventTime": "2021-09-08T00:55:00.757045-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.986861-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: ..",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "find",
"PID": 11468918,
"ParentPID": 9830550,
"Thread": 31916169,
"EventTime": "2021-09-08T00:55:00.757045-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.987658-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/perf/pm/daily/p1220-pvm1/pm_meminfo.2021.08.13.Fri",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9371802,
"ParentPID": 9240660,
"Thread": 35717163,
"EventTime": "2021-09-08T00:55:00.764340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.988396-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/perf/pm/daily/p1220-pvm1/pm_process.2021.08.14.Sat",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9371802,
"ParentPID": 9240660,
"Thread": 35717163,
"EventTime": "2021-09-08T00:55:00.767088-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.989127-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/perf/daily/persistent.db",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "topasout",
"PID": 10289400,
"ParentPID": 11468926,
"Thread": 37159067,
"EventTime": "2021-09-08T00:55:00.827107-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.989843-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636314,
"ParentPID": 9044108,
"Thread": 46334053,
"EventTime": "2021-09-08T00:55:00.867120-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.990562-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636316,
"ParentPID": 9044110,
"Thread": 46334055,
"EventTime": "2021-09-08T00:55:00.884340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T00:55:00.991288-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010172,
"ParentPID": 6684890,
"Thread": 41156769,
"EventTime": "2021-09-08T01:00:00.921564-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:00:01.200942-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010172,
"ParentPID": 6684890,
"Thread": 41156769,
"EventTime": "2021-09-08T01:00:00.921564-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:00:01.201786-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 00:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010172,
"ParentPID": 6684890,
"Thread": 41156769,
"EventTime": "2021-09-08T01:00:00.921564-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:00:01.202572-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010172,
"ParentPID": 6684890,
"Thread": 41156769,
"EventTime": "2021-09-08T01:00:00.924340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:00:01.203323-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /etc/perf/daily/persistent_local",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "topasrec",
"PID": 5308582,
"ParentPID": 1,
"Thread": 20316271,
"EventTime": "2021-09-08T01:00:05.440107-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:00:05.725223-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289168e3Dqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289168,
"ParentPID": 11468938,
"Thread": 49676467,
"EventTime": "2021-09-08T01:04:05.505339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:04:05.715906-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468946,
"ParentPID": 11010180,
"Thread": 40567033,
"EventTime": "2021-09-08T01:04:05.525340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:04:05.716423-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468968eYHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468968,
"ParentPID": 9371826,
"Thread": 40566799,
"EventTime": "2021-09-08T01:04:05.585370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:04:05.716884-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010182,
"ParentPID": 6684890,
"Thread": 27197549,
"EventTime": "2021-09-08T01:05:00.925889-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:05:00.987026-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010182,
"ParentPID": 6684890,
"Thread": 27197549,
"EventTime": "2021-09-08T01:05:00.925889-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:05:00.987545-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 00:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010182,
"ParentPID": 6684890,
"Thread": 27197549,
"EventTime": "2021-09-08T01:05:00.925889-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:05:00.988015-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010182,
"ParentPID": 6684890,
"Thread": 27197549,
"EventTime": "2021-09-08T01:05:00.925889-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:05:00.988474-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010184,
"ParentPID": 6684890,
"Thread": 48169173,
"EventTime": "2021-09-08T01:10:00.933341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:10:01.129586-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010184,
"ParentPID": 6684890,
"Thread": 48169173,
"EventTime": "2021-09-08T01:10:00.933341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:10:01.130427-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 00:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010184,
"ParentPID": 6684890,
"Thread": 48169173,
"EventTime": "2021-09-08T01:10:00.933341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:10:01.131186-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010184,
"ParentPID": 6684890,
"Thread": 48169173,
"EventTime": "2021-09-08T01:10:00.933341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:10:01.131931-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010186,
"ParentPID": 6684890,
"Thread": 45154455,
"EventTime": "2021-09-08T01:15:00.944598-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:15:01.031330-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010186,
"ParentPID": 6684890,
"Thread": 45154455,
"EventTime": "2021-09-08T01:15:00.944598-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:15:01.032104-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 00:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010186,
"ParentPID": 6684890,
"Thread": 45154455,
"EventTime": "2021-09-08T01:15:00.944598-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:15:01.032863-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010186,
"ParentPID": 6684890,
"Thread": 45154455,
"EventTime": "2021-09-08T01:15:00.944598-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:15:01.033638-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468990_UHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468990,
"ParentPID": 9371836,
"Thread": 38600723,
"EventTime": "2021-09-08T01:19:05.710438-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:19:05.941652-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371844,
"ParentPID": 11010188,
"Thread": 37421257,
"EventTime": "2021-09-08T01:19:05.725340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:19:05.942477-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011469014-AHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11469014,
"ParentPID": 9371846,
"Thread": 38600747,
"EventTime": "2021-09-08T01:19:05.825404-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:19:05.943217-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010190,
"ParentPID": 6684890,
"Thread": 44171469,
"EventTime": "2021-09-08T01:20:00.953341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:20:01.254130-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010190,
"ParentPID": 6684890,
"Thread": 44171469,
"EventTime": "2021-09-08T01:20:00.953341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:20:01.254952-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 00:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010190,
"ParentPID": 6684890,
"Thread": 44171469,
"EventTime": "2021-09-08T01:20:00.953341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:20:01.255707-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010190,
"ParentPID": 6684890,
"Thread": 44171469,
"EventTime": "2021-09-08T01:20:00.953341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:20:01.256447-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010192,
"ParentPID": 6684890,
"Thread": 44826861,
"EventTime": "2021-09-08T01:25:00.963536-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:25:01.110179-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010192,
"ParentPID": 6684890,
"Thread": 44826861,
"EventTime": "2021-09-08T01:25:00.963536-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:25:01.110994-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 00:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010192,
"ParentPID": 6684890,
"Thread": 44826861,
"EventTime": "2021-09-08T01:25:00.963536-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:25:01.111751-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010192,
"ParentPID": 6684890,
"Thread": 44826861,
"EventTime": "2021-09-08T01:25:00.963536-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:25:01.112490-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11010194,
"ParentPID": 5439688,
"Thread": 49676489,
"EventTime": "2021-09-08T01:27:35.358340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:35.596668-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10289198.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10289198,
"ParentPID": 11010194,
"Thread": 29491301,
"EventTime": "2021-09-08T01:27:35.488340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:35.597483-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10289198",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9830590,
"ParentPID": 10289198,
"Thread": 37552191,
"EventTime": "2021-09-08T01:27:35.518340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:35.598219-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9830590,
"ParentPID": 10289198,
"Thread": 37552191,
"EventTime": "2021-09-08T01:27:35.528369-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:35.598989-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09240716",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10485854,
"ParentPID": 9240716,
"Thread": 27197567,
"EventTime": "2021-09-08T01:27:35.538340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:35.599584-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830594aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830594,
"ParentPID": 10289198,
"Thread": 37552195,
"EventTime": "2021-09-08T01:27:35.548474-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:35.600328-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830594aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830594,
"ParentPID": 10289198,
"Thread": 37552195,
"EventTime": "2021-09-08T01:27:35.548474-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:35.601043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830594aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830594,
"ParentPID": 10289198,
"Thread": 37552195,
"EventTime": "2021-09-08T01:27:35.554170-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:35.601744-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10289198/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9830596,
"ParentPID": 10289198,
"Thread": 37552197,
"EventTime": "2021-09-08T01:27:35.558340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:35.602455-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10289198",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9830598,
"ParentPID": 10289198,
"Thread": 37552199,
"EventTime": "2021-09-08T01:27:35.565714-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:35.603152-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10289200,
"ParentPID": 11010194,
"Thread": 29491303,
"EventTime": "2021-09-08T01:27:35.568340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:35.603855-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289200,
"ParentPID": 11010194,
"Thread": 29491303,
"EventTime": "2021-09-08T01:27:35.568340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:35.604642-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11010196,
"ParentPID": 5439688,
"Thread": 49676491,
"EventTime": "2021-09-08T01:27:36.068340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:36.208981-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10289202.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10289202,
"ParentPID": 11010196,
"Thread": 29491305,
"EventTime": "2021-09-08T01:27:36.198340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:36.209808-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10289202",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9830614,
"ParentPID": 10289202,
"Thread": 37552215,
"EventTime": "2021-09-08T01:27:36.228340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:36.518974-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9830614,
"ParentPID": 10289202,
"Thread": 37552215,
"EventTime": "2021-09-08T01:27:36.238340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:36.519801-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830618aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830618,
"ParentPID": 10289202,
"Thread": 37552219,
"EventTime": "2021-09-08T01:27:36.248341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:36.520541-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830618aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830618,
"ParentPID": 10289202,
"Thread": 37552219,
"EventTime": "2021-09-08T01:27:36.248341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:36.521276-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9830618aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9830618,
"ParentPID": 10289202,
"Thread": 37552219,
"EventTime": "2021-09-08T01:27:36.248341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:36.522004-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10289202/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9830624,
"ParentPID": 10289202,
"Thread": 37552225,
"EventTime": "2021-09-08T01:27:36.259917-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:36.522727-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10289202",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9830626,
"ParentPID": 10289202,
"Thread": 37552227,
"EventTime": "2021-09-08T01:27:36.259917-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:36.523444-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10289204,
"ParentPID": 11010196,
"Thread": 29491307,
"EventTime": "2021-09-08T01:27:36.268340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:36.524156-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289204,
"ParentPID": 11010196,
"Thread": 29491307,
"EventTime": "2021-09-08T01:27:36.268340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:27:36.524872-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010198,
"ParentPID": 6684890,
"Thread": 40697939,
"EventTime": "2021-09-08T01:30:00.973341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:30:01.079336-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010198,
"ParentPID": 6684890,
"Thread": 40697939,
"EventTime": "2021-09-08T01:30:00.973341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:30:01.080120-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 00:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010198,
"ParentPID": 6684890,
"Thread": 40697939,
"EventTime": "2021-09-08T01:30:00.973341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:30:01.080883-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010198,
"ParentPID": 6684890,
"Thread": 40697939,
"EventTime": "2021-09-08T01:30:00.973341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:30:01.081624-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T01:33:09.187341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:33:09.230747-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830648VAB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830648,
"ParentPID": 10289214,
"Thread": 34406571,
"EventTime": "2021-09-08T01:34:05.947937-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:34:05.996152-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10289222,
"ParentPID": 11010202,
"Thread": 44826631,
"EventTime": "2021-09-08T01:34:05.967943-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:34:05.996967-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830416WuB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830416,
"ParentPID": 10289224,
"Thread": 34406595,
"EventTime": "2021-09-08T01:34:06.065340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:34:06.299466-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010204,
"ParentPID": 6684890,
"Thread": 49676509,
"EventTime": "2021-09-08T01:35:00.983341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:35:00.990426-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010204,
"ParentPID": 6684890,
"Thread": 49676509,
"EventTime": "2021-09-08T01:35:00.983341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:35:00.991197-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 00:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010204,
"ParentPID": 6684890,
"Thread": 49676509,
"EventTime": "2021-09-08T01:35:00.986065-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:35:00.991948-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010204,
"ParentPID": 6684890,
"Thread": 49676509,
"EventTime": "2021-09-08T01:35:00.987080-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:35:00.992690-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289228,
"ParentPID": 6684890,
"Thread": 34406605,
"EventTime": "2021-09-08T01:40:00.996216-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:40:01.173560-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289228,
"ParentPID": 6684890,
"Thread": 34406605,
"EventTime": "2021-09-08T01:40:00.996216-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:40:01.174378-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 00:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289228,
"ParentPID": 6684890,
"Thread": 34406605,
"EventTime": "2021-09-08T01:40:00.996216-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:40:01.175129-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289228,
"ParentPID": 6684890,
"Thread": 34406605,
"EventTime": "2021-09-08T01:40:00.996216-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:40:01.175878-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289230,
"ParentPID": 6684890,
"Thread": 37159109,
"EventTime": "2021-09-08T01:45:00.007949-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:45:00.196332-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289230,
"ParentPID": 6684890,
"Thread": 37159109,
"EventTime": "2021-09-08T01:45:00.007949-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:45:00.197151-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 00:44:59 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289230,
"ParentPID": 6684890,
"Thread": 37159109,
"EventTime": "2021-09-08T01:45:00.007949-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:45:00.197901-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289230,
"ParentPID": 6684890,
"Thread": 37159109,
"EventTime": "2021-09-08T01:45:00.007949-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:45:00.198650-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371878Qq0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371878,
"ParentPID": 11010216,
"Thread": 49348697,
"EventTime": "2021-09-08T01:49:06.190046-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:49:06.310931-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11010224,
"ParentPID": 10289232,
"Thread": 39911583,
"EventTime": "2021-09-08T01:49:06.206584-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:49:06.311696-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371902Ra0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371902,
"ParentPID": 11010226,
"Thread": 49348721,
"EventTime": "2021-09-08T01:49:06.304431-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:49:06.312425-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289234,
"ParentPID": 6684890,
"Thread": 43253853,
"EventTime": "2021-09-08T01:50:00.017662-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:50:00.094768-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289234,
"ParentPID": 6684890,
"Thread": 43253853,
"EventTime": "2021-09-08T01:50:00.017662-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:50:00.095591-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 00:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289234,
"ParentPID": 6684890,
"Thread": 43253853,
"EventTime": "2021-09-08T01:50:00.017662-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:50:00.096342-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289234,
"ParentPID": 6684890,
"Thread": 43253853,
"EventTime": "2021-09-08T01:50:00.017662-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:50:00.097084-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ct_has.thl.pend topath: /var/ct/cfg/ct_has.thl",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-08T01:52:26.938102-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:52:27.019112-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ct_has.thl.pend",
"Status": 1,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-08T01:52:26.938102-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:52:27.019632-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 9371650,
"ParentPID": 11206744,
"Thread": 39190621,
"EventTime": "2021-09-08T01:52:26.947339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:52:27.020098-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 9371650,
"ParentPID": 11206744,
"Thread": 39190621,
"EventTime": "2021-09-08T01:52:26.947339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:52:27.020554-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.9371650 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 9371650,
"ParentPID": 11206744,
"Thread": 39190621,
"EventTime": "2021-09-08T01:52:26.947339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:52:27.021002-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 9371652,
"ParentPID": 11206744,
"Thread": 39190623,
"EventTime": "2021-09-08T01:52:26.968535-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:52:27.021450-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 9371652,
"ParentPID": 11206744,
"Thread": 39190623,
"EventTime": "2021-09-08T01:52:26.968535-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:52:27.021892-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.9371652 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 9371652,
"ParentPID": 11206744,
"Thread": 39190623,
"EventTime": "2021-09-08T01:52:26.968535-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:52:27.022334-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00051119822mt7a4",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-08T01:52:26.968535-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:52:27.022775-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00112067442mGMa4",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26083357,
"EventTime": "2021-09-08T01:52:26.968535-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:52:27.023208-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371654,
"ParentPID": 6684890,
"Thread": 36831363,
"EventTime": "2021-09-08T01:55:00.018359-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:55:00.207344-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371654,
"ParentPID": 6684890,
"Thread": 36831363,
"EventTime": "2021-09-08T01:55:00.018359-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:55:00.207855-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 00:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371654,
"ParentPID": 6684890,
"Thread": 36831363,
"EventTime": "2021-09-08T01:55:00.018359-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:55:00.208319-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371654,
"ParentPID": 6684890,
"Thread": 36831363,
"EventTime": "2021-09-08T01:55:00.018359-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:55:00.208772-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10289238",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9240772,
"ParentPID": 10289238,
"Thread": 39780575,
"EventTime": "2021-09-08T01:55:00.036525-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:55:00.209107-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ct_has.thl.pend topath: /var/ct/cfg/ct_has.thl",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26214433,
"EventTime": "2021-09-08T01:57:46.540781-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:57:46.601924-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ct_has.thl.pend",
"Status": 1,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26214433,
"EventTime": "2021-09-08T01:57:46.540781-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:57:46.602712-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 10289240,
"ParentPID": 11206744,
"Thread": 42467479,
"EventTime": "2021-09-08T01:57:46.567368-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:57:46.603473-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 10289240,
"ParentPID": 11206744,
"Thread": 42467479,
"EventTime": "2021-09-08T01:57:46.567368-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:57:46.604224-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.10289240 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 10289240,
"ParentPID": 11206744,
"Thread": 42467479,
"EventTime": "2021-09-08T01:57:46.567368-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:57:46.604977-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "chrmcacl",
"PID": 10289242,
"ParentPID": 11206744,
"Thread": 42467481,
"EventTime": "2021-09-08T01:57:46.590836-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:57:46.605722-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "linkname /var/ct/cfg/ctrmc.acls filename /var/ct/cfg/ctrmc.acls.orig",
"Status": 0,
"EventType": "FILE_Link",
"Command": "chrmcacl",
"PID": 10289242,
"ParentPID": 11206744,
"Thread": 42467481,
"EventTime": "2021-09-08T01:57:46.590836-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:57:46.606456-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /var/ct/cfg/ctrmc.acls.10289242 topath: /var/ct/cfg/ctrmc.acls",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "chrmcacl",
"PID": 10289242,
"ParentPID": 11206744,
"Thread": 42467481,
"EventTime": "2021-09-08T01:57:46.590836-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:57:46.607191-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005111982EUt7a5",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rmcd",
"PID": 5111982,
"ParentPID": 3997920,
"Thread": 20512883,
"EventTime": "2021-09-08T01:57:46.590836-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:57:46.607967-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011206744EUGMa5",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "IBM.MgmtDomainRMd",
"PID": 11206744,
"ParentPID": 3997920,
"Thread": 26214433,
"EventTime": "2021-09-08T01:57:46.590836-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T01:57:46.608742-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289244,
"ParentPID": 6684890,
"Thread": 43712677,
"EventTime": "2021-09-08T02:00:00.034383-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:00:00.326025-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289244,
"ParentPID": 6684890,
"Thread": 43712677,
"EventTime": "2021-09-08T02:00:00.034383-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:00:00.326858-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 01:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289244,
"ParentPID": 6684890,
"Thread": 43712677,
"EventTime": "2021-09-08T02:00:00.034383-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:00:00.327619-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289244,
"ParentPID": 6684890,
"Thread": 43712677,
"EventTime": "2021-09-08T02:00:00.034383-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:00:00.328363-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240794KI0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240794,
"ParentPID": 10289256,
"Thread": 49217739,
"EventTime": "2021-09-08T02:04:06.386245-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:04:06.392583-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10289264,
"ParentPID": 9371660,
"Thread": 38338751,
"EventTime": "2021-09-08T02:04:06.396247-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:04:06.694912-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240818Li0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240818,
"ParentPID": 10289266,
"Thread": 49217763,
"EventTime": "2021-09-08T02:04:06.456260-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:04:06.695433-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371662,
"ParentPID": 6684890,
"Thread": 44826663,
"EventTime": "2021-09-08T02:05:00.042339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:05:00.162221-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371662,
"ParentPID": 6684890,
"Thread": 44826663,
"EventTime": "2021-09-08T02:05:00.042339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:05:00.162714-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 01:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371662,
"ParentPID": 6684890,
"Thread": 44826663,
"EventTime": "2021-09-08T02:05:00.042339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:05:00.163220-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371662,
"ParentPID": 6684890,
"Thread": 44826663,
"EventTime": "2021-09-08T02:05:00.042339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:05:00.163688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371664,
"ParentPID": 5439688,
"Thread": 44826665,
"EventTime": "2021-09-08T02:05:46.840339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:05:47.050942-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371666,
"ParentPID": 5439688,
"Thread": 44826667,
"EventTime": "2021-09-08T02:05:47.962304-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:05:48.253410-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371668,
"ParentPID": 5439688,
"Thread": 44826669,
"EventTime": "2021-09-08T02:05:48.229662-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:05:48.253925-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371670,
"ParentPID": 5439688,
"Thread": 44826671,
"EventTime": "2021-09-08T02:05:48.353039-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:05:48.560938-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371672,
"ParentPID": 5439688,
"Thread": 44826673,
"EventTime": "2021-09-08T02:05:48.613548-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:05:48.864610-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371674,
"ParentPID": 5439688,
"Thread": 44826675,
"EventTime": "2021-09-08T02:05:48.882592-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:05:49.170901-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371676,
"ParentPID": 5439688,
"Thread": 44826677,
"EventTime": "2021-09-08T02:05:49.141550-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:05:49.171416-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371678,
"ParentPID": 5439688,
"Thread": 44826679,
"EventTime": "2021-09-08T02:05:49.395069-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:05:49.475792-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371680,
"ParentPID": 5439688,
"Thread": 44826681,
"EventTime": "2021-09-08T02:05:50.650339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:05:50.688157-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371682,
"ParentPID": 5439688,
"Thread": 44826683,
"EventTime": "2021-09-08T02:05:50.900339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:05:50.990890-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371684,
"ParentPID": 6684890,
"Thread": 38535325,
"EventTime": "2021-09-08T02:10:00.045587-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:10:00.295965-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371684,
"ParentPID": 6684890,
"Thread": 38535325,
"EventTime": "2021-09-08T02:10:00.045587-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:10:00.296494-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 01:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371684,
"ParentPID": 6684890,
"Thread": 38535325,
"EventTime": "2021-09-08T02:10:00.045587-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:10:00.296973-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371684,
"ParentPID": 6684890,
"Thread": 38535325,
"EventTime": "2021-09-08T02:10:00.045587-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:10:00.297436-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371686,
"ParentPID": 6684890,
"Thread": 41812073,
"EventTime": "2021-09-08T02:15:00.052340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:15:00.090762-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371686,
"ParentPID": 6684890,
"Thread": 41812073,
"EventTime": "2021-09-08T02:15:00.052340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:15:00.091266-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 01:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371686,
"ParentPID": 6684890,
"Thread": 41812073,
"EventTime": "2021-09-08T02:15:00.052340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:15:00.091723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371686,
"ParentPID": 6684890,
"Thread": 41812073,
"EventTime": "2021-09-08T02:15:00.052340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:15:00.092167-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240584Fa0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240584,
"ParentPID": 10289276,
"Thread": 45875253,
"EventTime": "2021-09-08T02:19:06.573365-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:19:06.704282-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10289284,
"ParentPID": 9371688,
"Thread": 49938531,
"EventTime": "2021-09-08T02:19:06.587664-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:19:06.705092-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240608FM0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240608,
"ParentPID": 10289286,
"Thread": 45875277,
"EventTime": "2021-09-08T02:19:06.687762-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:19:06.705810-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289288,
"ParentPID": 6684890,
"Thread": 37552247,
"EventTime": "2021-09-08T02:20:00.054011-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:20:00.195167-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289288,
"ParentPID": 6684890,
"Thread": 37552247,
"EventTime": "2021-09-08T02:20:00.054011-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:20:00.195983-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 01:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289288,
"ParentPID": 6684890,
"Thread": 37552247,
"EventTime": "2021-09-08T02:20:00.054011-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:20:00.196732-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289288,
"ParentPID": 6684890,
"Thread": 37552247,
"EventTime": "2021-09-08T02:20:00.054011-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:20:00.197467-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289290,
"ParentPID": 6684890,
"Thread": 47644871,
"EventTime": "2021-09-08T02:25:00.061341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:25:00.089978-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289290,
"ParentPID": 6684890,
"Thread": 47644871,
"EventTime": "2021-09-08T02:25:00.061341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:25:00.090745-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 01:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289290,
"ParentPID": 6684890,
"Thread": 47644871,
"EventTime": "2021-09-08T02:25:00.070113-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:25:00.091571-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289290,
"ParentPID": 6684890,
"Thread": 47644871,
"EventTime": "2021-09-08T02:25:00.070113-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:25:00.092375-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289292,
"ParentPID": 6684890,
"Thread": 33882147,
"EventTime": "2021-09-08T02:30:00.072183-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:30:00.157669-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289292,
"ParentPID": 6684890,
"Thread": 33882147,
"EventTime": "2021-09-08T02:30:00.072183-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:30:00.158166-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 01:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289292,
"ParentPID": 6684890,
"Thread": 33882147,
"EventTime": "2021-09-08T02:30:00.072183-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:30:00.158622-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289292,
"ParentPID": 6684890,
"Thread": 33882147,
"EventTime": "2021-09-08T02:30:00.072183-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:30:00.159062-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09044116",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10551388,
"ParentPID": 9044116,
"Thread": 20906091,
"EventTime": "2021-09-08T02:30:00.082185-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:30:00.159384-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9044118,
"ParentPID": 5439688,
"Thread": 29491351,
"EventTime": "2021-09-08T02:32:06.967339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.186823-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10289294.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10289294,
"ParentPID": 9044118,
"Thread": 33882149,
"EventTime": "2021-09-08T02:32:07.097339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.187315-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10289294",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551404,
"ParentPID": 10289294,
"Thread": 39518425,
"EventTime": "2021-09-08T02:32:07.117339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.187791-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551404,
"ParentPID": 10289294,
"Thread": 39518425,
"EventTime": "2021-09-08T02:32:07.121052-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.188237-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551408aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551408,
"ParentPID": 10289294,
"Thread": 39518429,
"EventTime": "2021-09-08T02:32:07.127339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.188712-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551408aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551408,
"ParentPID": 10289294,
"Thread": 39518429,
"EventTime": "2021-09-08T02:32:07.127339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.189151-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551408aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551408,
"ParentPID": 10289294,
"Thread": 39518429,
"EventTime": "2021-09-08T02:32:07.127339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.189583-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10289294/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551410,
"ParentPID": 10289294,
"Thread": 39518431,
"EventTime": "2021-09-08T02:32:07.137339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.190008-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10289294",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551412,
"ParentPID": 10289294,
"Thread": 39518433,
"EventTime": "2021-09-08T02:32:07.137339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.190444-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10289296,
"ParentPID": 9044118,
"Thread": 33882151,
"EventTime": "2021-09-08T02:32:07.137339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.190870-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289296,
"ParentPID": 9044118,
"Thread": 33882151,
"EventTime": "2021-09-08T02:32:07.137339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.191299-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9044120,
"ParentPID": 5439688,
"Thread": 29491353,
"EventTime": "2021-09-08T02:32:07.547964-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.798856-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10289298.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10289298,
"ParentPID": 9044120,
"Thread": 33882153,
"EventTime": "2021-09-08T02:32:07.678180-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.799356-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10289298",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551428,
"ParentPID": 10289298,
"Thread": 39518449,
"EventTime": "2021-09-08T02:32:07.698184-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.799805-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551428,
"ParentPID": 10289298,
"Thread": 39518449,
"EventTime": "2021-09-08T02:32:07.708186-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.800244-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551432aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551432,
"ParentPID": 10289298,
"Thread": 39518453,
"EventTime": "2021-09-08T02:32:07.708186-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.800683-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551432aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551432,
"ParentPID": 10289298,
"Thread": 39518453,
"EventTime": "2021-09-08T02:32:07.716050-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.801120-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551432aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551432,
"ParentPID": 10289298,
"Thread": 39518453,
"EventTime": "2021-09-08T02:32:07.718188-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.801555-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10289298/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551438,
"ParentPID": 10289298,
"Thread": 39518459,
"EventTime": "2021-09-08T02:32:07.721401-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.801981-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10289298",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551440,
"ParentPID": 10289298,
"Thread": 39518461,
"EventTime": "2021-09-08T02:32:07.721401-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.802418-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10289300,
"ParentPID": 9044120,
"Thread": 33882155,
"EventTime": "2021-09-08T02:32:07.728190-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.802846-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289300,
"ParentPID": 9044120,
"Thread": 33882155,
"EventTime": "2021-09-08T02:32:07.728190-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:07.803282-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9044122,
"ParentPID": 5439688,
"Thread": 29491355,
"EventTime": "2021-09-08T02:32:08.747339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:09.010828-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10289302.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10289302,
"ParentPID": 9044122,
"Thread": 33882157,
"EventTime": "2021-09-08T02:32:08.877339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:09.011335-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10289302",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551456,
"ParentPID": 10289302,
"Thread": 39518221,
"EventTime": "2021-09-08T02:32:08.897339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:09.011792-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551456,
"ParentPID": 10289302,
"Thread": 39518221,
"EventTime": "2021-09-08T02:32:08.900134-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:09.012245-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551460aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551460,
"ParentPID": 10289302,
"Thread": 39518225,
"EventTime": "2021-09-08T02:32:08.907339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:09.012691-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551460aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551460,
"ParentPID": 10289302,
"Thread": 39518225,
"EventTime": "2021-09-08T02:32:08.910136-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:09.013134-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551460aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551460,
"ParentPID": 10289302,
"Thread": 39518225,
"EventTime": "2021-09-08T02:32:08.910136-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:09.013572-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10289302/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551462,
"ParentPID": 10289302,
"Thread": 39518227,
"EventTime": "2021-09-08T02:32:08.917339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:09.014004-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10289302",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551464,
"ParentPID": 10289302,
"Thread": 39518229,
"EventTime": "2021-09-08T02:32:08.917339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:09.014443-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10289304,
"ParentPID": 9044122,
"Thread": 33882159,
"EventTime": "2021-09-08T02:32:08.920139-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:09.014873-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289304,
"ParentPID": 9044122,
"Thread": 33882159,
"EventTime": "2021-09-08T02:32:08.920139-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:09.015305-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9044126,
"ParentPID": 5439688,
"Thread": 29491359,
"EventTime": "2021-09-08T02:32:20.499223-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:20.740188-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9044128,
"ParentPID": 5439688,
"Thread": 29491361,
"EventTime": "2021-09-08T02:32:21.874695-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:21.952290-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9044130,
"ParentPID": 5439688,
"Thread": 29491363,
"EventTime": "2021-09-08T02:32:23.246339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:23.464985-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9044132,
"ParentPID": 5439688,
"Thread": 29491365,
"EventTime": "2021-09-08T02:32:24.629690-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:24.676703-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10289306.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10289306,
"ParentPID": 9044132,
"Thread": 33882161,
"EventTime": "2021-09-08T02:32:24.756666-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:24.977464-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10289306",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551480,
"ParentPID": 10289306,
"Thread": 39518245,
"EventTime": "2021-09-08T02:32:24.786356-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:24.977913-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551480,
"ParentPID": 10289306,
"Thread": 39518245,
"EventTime": "2021-09-08T02:32:24.786671-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:24.978362-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551484aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551484,
"ParentPID": 10289306,
"Thread": 39518249,
"EventTime": "2021-09-08T02:32:24.796340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:24.978773-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551484aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551484,
"ParentPID": 10289306,
"Thread": 39518249,
"EventTime": "2021-09-08T02:32:24.796673-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:24.979179-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551484aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551484,
"ParentPID": 10289306,
"Thread": 39518249,
"EventTime": "2021-09-08T02:32:24.796673-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:24.979579-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10289306/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551486,
"ParentPID": 10289306,
"Thread": 39518251,
"EventTime": "2021-09-08T02:32:24.806674-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:24.979980-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10289306",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551488,
"ParentPID": 10289306,
"Thread": 39518253,
"EventTime": "2021-09-08T02:32:24.806674-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:24.980387-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10289308,
"ParentPID": 9044132,
"Thread": 33882163,
"EventTime": "2021-09-08T02:32:24.806674-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:24.980798-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289308,
"ParentPID": 9044132,
"Thread": 33882163,
"EventTime": "2021-09-08T02:32:24.806674-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:24.981207-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9044134,
"ParentPID": 5439688,
"Thread": 29491367,
"EventTime": "2021-09-08T02:32:26.066339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:26.182102-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10289310.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10289310,
"ParentPID": 9044134,
"Thread": 33882165,
"EventTime": "2021-09-08T02:32:26.188972-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:26.486852-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10289310",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10551504,
"ParentPID": 10289310,
"Thread": 39518269,
"EventTime": "2021-09-08T02:32:26.208976-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:26.487287-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10551504,
"ParentPID": 10289310,
"Thread": 39518269,
"EventTime": "2021-09-08T02:32:26.218977-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:26.487735-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551508aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551508,
"ParentPID": 10289310,
"Thread": 39518273,
"EventTime": "2021-09-08T02:32:26.218977-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:26.488144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551508aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551508,
"ParentPID": 10289310,
"Thread": 39518273,
"EventTime": "2021-09-08T02:32:26.226340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:26.488548-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10551508aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10551508,
"ParentPID": 10289310,
"Thread": 39518273,
"EventTime": "2021-09-08T02:32:26.226340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:26.488950-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10289310/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10551510,
"ParentPID": 10289310,
"Thread": 39518275,
"EventTime": "2021-09-08T02:32:26.228979-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:26.489353-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10289310",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10551512,
"ParentPID": 10289310,
"Thread": 39518277,
"EventTime": "2021-09-08T02:32:26.236425-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:26.489766-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10289312,
"ParentPID": 9044134,
"Thread": 33882167,
"EventTime": "2021-09-08T02:32:26.236425-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:26.490180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10289312,
"ParentPID": 9044134,
"Thread": 33882167,
"EventTime": "2021-09-08T02:32:26.236425-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:26.490616-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9044136,
"ParentPID": 5439688,
"Thread": 29491369,
"EventTime": "2021-09-08T02:32:27.491114-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:32:27.691992-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T02:33:09.065340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:33:09.147285-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC001055153403Eqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551534,
"ParentPID": 10289322,
"Thread": 35520621,
"EventTime": "2021-09-08T02:34:06.764243-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:34:06.830525-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10551536",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11468830,
"ParentPID": 10551536,
"Thread": 47644887,
"EventTime": "2021-09-08T02:34:06.774244-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:34:06.830844-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468834,
"ParentPID": 9044138,
"Thread": 47644891,
"EventTime": "2021-09-08T02:34:06.784247-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:34:06.831246-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00105513040YEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551304,
"ParentPID": 11468836,
"Thread": 35520647,
"EventTime": "2021-09-08T02:34:06.844258-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:34:07.133857-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468838,
"ParentPID": 6684890,
"Thread": 22937627,
"EventTime": "2021-09-08T02:35:00.085256-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:35:00.302876-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468838,
"ParentPID": 6684890,
"Thread": 22937627,
"EventTime": "2021-09-08T02:35:00.085256-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:35:00.303316-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 01:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468838,
"ParentPID": 6684890,
"Thread": 22937627,
"EventTime": "2021-09-08T02:35:00.085256-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:35:00.303769-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468838,
"ParentPID": 6684890,
"Thread": 22937627,
"EventTime": "2021-09-08T02:35:00.085256-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:35:00.304180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468840,
"ParentPID": 6684890,
"Thread": 31195277,
"EventTime": "2021-09-08T02:40:00.091340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:40:00.367550-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468840,
"ParentPID": 6684890,
"Thread": 31195277,
"EventTime": "2021-09-08T02:40:00.091340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:40:00.368124-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 01:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468840,
"ParentPID": 6684890,
"Thread": 31195277,
"EventTime": "2021-09-08T02:40:00.091340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:40:00.368607-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468840,
"ParentPID": 6684890,
"Thread": 31195277,
"EventTime": "2021-09-08T02:40:00.091340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:40:00.369071-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468842,
"ParentPID": 5439688,
"Thread": 45940753,
"EventTime": "2021-09-08T02:41:06.719339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:41:06.749045-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468844,
"ParentPID": 6684890,
"Thread": 45940763,
"EventTime": "2021-09-08T02:45:00.094937-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:45:00.139634-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468844,
"ParentPID": 6684890,
"Thread": 45940763,
"EventTime": "2021-09-08T02:45:00.094937-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:45:00.140449-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 01:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468844,
"ParentPID": 6684890,
"Thread": 45940763,
"EventTime": "2021-09-08T02:45:00.094937-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:45:00.141205-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468844,
"ParentPID": 6684890,
"Thread": 45940763,
"EventTime": "2021-09-08T02:45:00.094937-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:45:00.142067-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00090441604Q97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044160,
"ParentPID": 10551314,
"Thread": 49938557,
"EventTime": "2021-09-08T02:49:06.957011-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:49:07.167915-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551322,
"ParentPID": 11468846,
"Thread": 29950139,
"EventTime": "2021-09-08T02:49:06.977017-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:49:07.168663-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00090441845797aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044184,
"ParentPID": 10551324,
"Thread": 49938581,
"EventTime": "2021-09-08T02:49:07.072366-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:49:07.169396-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468848,
"ParentPID": 6684890,
"Thread": 41549901,
"EventTime": "2021-09-08T02:50:00.106314-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:50:00.312028-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468848,
"ParentPID": 6684890,
"Thread": 41549901,
"EventTime": "2021-09-08T02:50:00.106314-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:50:00.312851-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 01:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468848,
"ParentPID": 6684890,
"Thread": 41549901,
"EventTime": "2021-09-08T02:50:00.106314-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:50:00.313620-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468848,
"ParentPID": 6684890,
"Thread": 41549901,
"EventTime": "2021-09-08T02:50:00.106314-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:50:00.314368-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551328,
"ParentPID": 6684890,
"Thread": 27984101,
"EventTime": "2021-09-08T02:55:00.114269-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:55:00.264706-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551328,
"ParentPID": 6684890,
"Thread": 27984101,
"EventTime": "2021-09-08T02:55:00.114269-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:55:00.265479-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 01:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551328,
"ParentPID": 6684890,
"Thread": 27984101,
"EventTime": "2021-09-08T02:55:00.114269-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:55:00.266241-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551328,
"ParentPID": 6684890,
"Thread": 27984101,
"EventTime": "2021-09-08T02:55:00.114269-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T02:55:00.267065-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551330,
"ParentPID": 6684890,
"Thread": 36307101,
"EventTime": "2021-09-08T03:00:00.126403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:00:00.187369-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10551330,
"ParentPID": 6684890,
"Thread": 36307101,
"EventTime": "2021-09-08T03:00:00.126403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:00:00.188188-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 02:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10551330,
"ParentPID": 6684890,
"Thread": 36307101,
"EventTime": "2021-09-08T03:00:00.126403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:00:00.188943-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10551330,
"ParentPID": 6684890,
"Thread": 36307101,
"EventTime": "2021-09-08T03:00:00.126403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:00:00.189687-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044206yq97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044206,
"ParentPID": 10551342,
"Thread": 33423587,
"EventTime": "2021-09-08T03:04:07.154933-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:04:07.391568-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551350,
"ParentPID": 11468856,
"Thread": 36044973,
"EventTime": "2021-09-08T03:04:07.164934-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:04:07.392066-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009043974yI97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9043974,
"ParentPID": 10551352,
"Thread": 33423611,
"EventTime": "2021-09-08T03:04:07.230307-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:04:07.392572-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468858,
"ParentPID": 6684890,
"Thread": 39321817,
"EventTime": "2021-09-08T03:05:00.130340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:05:00.253134-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468858,
"ParentPID": 6684890,
"Thread": 39321817,
"EventTime": "2021-09-08T03:05:00.130340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:05:00.253649-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 02:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468858,
"ParentPID": 6684890,
"Thread": 39321817,
"EventTime": "2021-09-08T03:05:00.130340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:05:00.254119-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468858,
"ParentPID": 6684890,
"Thread": 39321817,
"EventTime": "2021-09-08T03:05:00.130340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:05:00.254577-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468860,
"ParentPID": 6684890,
"Thread": 20840699,
"EventTime": "2021-09-08T03:10:00.133236-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:10:00.152391-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468860,
"ParentPID": 6684890,
"Thread": 20840699,
"EventTime": "2021-09-08T03:10:00.133236-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:10:00.153217-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 02:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468860,
"ParentPID": 6684890,
"Thread": 20840699,
"EventTime": "2021-09-08T03:10:00.133236-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:10:00.153988-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468860,
"ParentPID": 6684890,
"Thread": 20840699,
"EventTime": "2021-09-08T03:10:00.133236-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:10:00.154734-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468862,
"ParentPID": 6684890,
"Thread": 40501469,
"EventTime": "2021-09-08T03:15:00.140859-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:15:00.364782-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468862,
"ParentPID": 6684890,
"Thread": 40501469,
"EventTime": "2021-09-08T03:15:00.140859-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:15:00.365611-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 02:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468862,
"ParentPID": 6684890,
"Thread": 40501469,
"EventTime": "2021-09-08T03:15:00.150343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:15:00.366369-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468862,
"ParentPID": 6684890,
"Thread": 40501469,
"EventTime": "2021-09-08T03:15:00.150862-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:15:00.367109-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009043996sE97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9043996,
"ParentPID": 10551362,
"Thread": 43843667,
"EventTime": "2021-09-08T03:19:07.351341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:19:07.651980-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551370,
"ParentPID": 11468864,
"Thread": 42926137,
"EventTime": "2021-09-08T03:19:07.363265-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:19:07.652776-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010134tyGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010134,
"ParentPID": 10485948,
"Thread": 47382705,
"EventTime": "2021-09-08T03:19:07.463302-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:19:07.653529-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485950,
"ParentPID": 6684890,
"Thread": 47710395,
"EventTime": "2021-09-08T03:20:00.156748-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:20:00.212719-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485950,
"ParentPID": 6684890,
"Thread": 47710395,
"EventTime": "2021-09-08T03:20:00.156748-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:20:00.213531-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 02:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485950,
"ParentPID": 6684890,
"Thread": 47710395,
"EventTime": "2021-09-08T03:20:00.160340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:20:00.214287-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485950,
"ParentPID": 6684890,
"Thread": 47710395,
"EventTime": "2021-09-08T03:20:00.160340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:20:00.215030-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485952,
"ParentPID": 6684890,
"Thread": 39321853,
"EventTime": "2021-09-08T03:25:00.164861-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:25:00.390928-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485952,
"ParentPID": 6684890,
"Thread": 39321853,
"EventTime": "2021-09-08T03:25:00.164861-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:25:00.391750-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 02:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485952,
"ParentPID": 6684890,
"Thread": 39321853,
"EventTime": "2021-09-08T03:25:00.169341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:25:00.392495-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485952,
"ParentPID": 6684890,
"Thread": 39321853,
"EventTime": "2021-09-08T03:25:00.169341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:25:00.393237-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10485954",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9044002,
"ParentPID": 10485954,
"Thread": 46792745,
"EventTime": "2021-09-08T03:25:00.189998-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:25:00.393783-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485956,
"ParentPID": 6684890,
"Thread": 50462775,
"EventTime": "2021-09-08T03:30:00.172013-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:30:00.337961-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485956,
"ParentPID": 6684890,
"Thread": 50462775,
"EventTime": "2021-09-08T03:30:00.172013-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:30:00.338735-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 02:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485956,
"ParentPID": 6684890,
"Thread": 50462775,
"EventTime": "2021-09-08T03:30:00.179340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:30:00.339570-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485956,
"ParentPID": 6684890,
"Thread": 50462775,
"EventTime": "2021-09-08T03:30:00.179340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:30:00.340331-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T03:33:08.943340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:33:09.038467-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551394nyEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551394,
"ParentPID": 9044012,
"Thread": 31916255,
"EventTime": "2021-09-08T03:34:07.597588-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:34:07.618592-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9044020,
"ParentPID": 10485960,
"Thread": 45416661,
"EventTime": "2021-09-08T03:34:07.611340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:34:07.619350-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551416oeEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551416,
"ParentPID": 8192238,
"Thread": 31916277,
"EventTime": "2021-09-08T03:34:07.707630-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:34:07.922184-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044022,
"ParentPID": 6684890,
"Thread": 36045007,
"EventTime": "2021-09-08T03:35:00.179457-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:35:00.200186-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044022,
"ParentPID": 6684890,
"Thread": 36045007,
"EventTime": "2021-09-08T03:35:00.179457-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:35:00.200992-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 02:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044022,
"ParentPID": 6684890,
"Thread": 36045007,
"EventTime": "2021-09-08T03:35:00.179457-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:35:00.201735-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044022,
"ParentPID": 6684890,
"Thread": 36045007,
"EventTime": "2021-09-08T03:35:00.189459-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:35:00.202466-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044026,
"ParentPID": 6684890,
"Thread": 44302403,
"EventTime": "2021-09-08T03:40:00.191187-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:40:00.384094-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044026,
"ParentPID": 6684890,
"Thread": 44302403,
"EventTime": "2021-09-08T03:40:00.191187-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:40:00.384605-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 02:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044026,
"ParentPID": 6684890,
"Thread": 44302403,
"EventTime": "2021-09-08T03:40:00.191187-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:40:00.385073-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044026,
"ParentPID": 6684890,
"Thread": 44302403,
"EventTime": "2021-09-08T03:40:00.191187-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:40:00.385534-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044028,
"ParentPID": 6684890,
"Thread": 36503643,
"EventTime": "2021-09-08T03:45:00.191347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:45:00.429934-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044028,
"ParentPID": 6684890,
"Thread": 36503643,
"EventTime": "2021-09-08T03:45:00.191347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:45:00.430451-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 02:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044028,
"ParentPID": 6684890,
"Thread": 36503643,
"EventTime": "2021-09-08T03:45:00.191347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:45:00.430919-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044028,
"ParentPID": 6684890,
"Thread": 36503643,
"EventTime": "2021-09-08T03:45:00.191347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:45:00.431380-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010158hMGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010158,
"ParentPID": 11468878,
"Thread": 27197613,
"EventTime": "2021-09-08T03:49:07.780341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:49:07.949654-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468886,
"ParentPID": 9044030,
"Thread": 44433657,
"EventTime": "2021-09-08T03:49:07.795491-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:49:07.950144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010182imGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010182,
"ParentPID": 11468888,
"Thread": 27197637,
"EventTime": "2021-09-08T03:49:07.855505-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:49:07.950649-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044032,
"ParentPID": 6684890,
"Thread": 30736535,
"EventTime": "2021-09-08T03:50:00.199339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:50:00.215904-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044032,
"ParentPID": 6684890,
"Thread": 30736535,
"EventTime": "2021-09-08T03:50:00.199339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:50:00.216406-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 02:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044032,
"ParentPID": 6684890,
"Thread": 30736535,
"EventTime": "2021-09-08T03:50:00.199339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:50:00.216872-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044032,
"ParentPID": 6684890,
"Thread": 30736535,
"EventTime": "2021-09-08T03:50:00.199339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:50:00.217331-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468892,
"ParentPID": 6684890,
"Thread": 48431255,
"EventTime": "2021-09-08T03:55:00.201328-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:55:00.265143-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468892,
"ParentPID": 6684890,
"Thread": 48431255,
"EventTime": "2021-09-08T03:55:00.201328-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:55:00.265956-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 02:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468892,
"ParentPID": 6684890,
"Thread": 48431255,
"EventTime": "2021-09-08T03:55:00.201328-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:55:00.266705-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468892,
"ParentPID": 6684890,
"Thread": 48431255,
"EventTime": "2021-09-08T03:55:00.208340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T03:55:00.267439-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468894,
"ParentPID": 6684890,
"Thread": 36307111,
"EventTime": "2021-09-08T04:00:00.208608-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:00:00.480134-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468894,
"ParentPID": 6684890,
"Thread": 36307111,
"EventTime": "2021-09-08T04:00:00.208608-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:00:00.480945-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 03:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468894,
"ParentPID": 6684890,
"Thread": 36307111,
"EventTime": "2021-09-08T04:00:00.208608-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:00:00.481696-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468894,
"ParentPID": 6684890,
"Thread": 36307111,
"EventTime": "2021-09-08T04:00:00.218611-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:00:00.482437-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010204byGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010204,
"ParentPID": 11468906,
"Thread": 43253899,
"EventTime": "2021-09-08T04:04:07.927834-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:04:08.038460-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468914,
"ParentPID": 9044040,
"Thread": 35520677,
"EventTime": "2021-09-08T04:04:07.939349-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:04:08.038956-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010228cuGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010228,
"ParentPID": 11468916,
"Thread": 43253923,
"EventTime": "2021-09-08T04:04:08.000341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:04:08.039422-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044042,
"ParentPID": 6684890,
"Thread": 38207675,
"EventTime": "2021-09-08T04:05:00.221646-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:05:00.313914-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044042,
"ParentPID": 6684890,
"Thread": 38207675,
"EventTime": "2021-09-08T04:05:00.221646-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:05:00.314673-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 03:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044042,
"ParentPID": 6684890,
"Thread": 38207675,
"EventTime": "2021-09-08T04:05:00.221646-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:05:00.315432-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044042,
"ParentPID": 6684890,
"Thread": 38207675,
"EventTime": "2021-09-08T04:05:00.228340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:05:00.316164-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044044,
"ParentPID": 6684890,
"Thread": 49742051,
"EventTime": "2021-09-08T04:10:00.237220-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:10:00.243893-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044044,
"ParentPID": 6684890,
"Thread": 49742051,
"EventTime": "2021-09-08T04:10:00.237220-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:10:00.244656-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 03:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044044,
"ParentPID": 6684890,
"Thread": 49742051,
"EventTime": "2021-09-08T04:10:00.238340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:10:00.245411-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044044,
"ParentPID": 6684890,
"Thread": 49742051,
"EventTime": "2021-09-08T04:10:00.238340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:10:00.246146-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044046,
"ParentPID": 6684890,
"Thread": 42139811,
"EventTime": "2021-09-08T04:15:00.248340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:15:00.430517-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044046,
"ParentPID": 6684890,
"Thread": 42139811,
"EventTime": "2021-09-08T04:15:00.248340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:15:00.431328-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 03:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044046,
"ParentPID": 6684890,
"Thread": 42139811,
"EventTime": "2021-09-08T04:15:00.248340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:15:00.432079-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044046,
"ParentPID": 6684890,
"Thread": 42139811,
"EventTime": "2021-09-08T04:15:00.248340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:15:00.432819-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010250YqGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010250,
"ParentPID": 11468926,
"Thread": 46137577,
"EventTime": "2021-09-08T04:19:08.121072-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:19:08.350192-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468934,
"ParentPID": 9044048,
"Thread": 47251631,
"EventTime": "2021-09-08T04:19:08.141078-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:19:08.350995-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10289396",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11010252,
"ParentPID": 10289396,
"Thread": 46137579,
"EventTime": "2021-09-08T04:19:08.166033-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:19:08.351570-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192032Za6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192032,
"ParentPID": 9830500,
"Thread": 32243809,
"EventTime": "2021-09-08T04:19:08.239341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:19:08.352296-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044050,
"ParentPID": 6684890,
"Thread": 28901587,
"EventTime": "2021-09-08T04:20:00.258340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:20:00.330481-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044050,
"ParentPID": 6684890,
"Thread": 28901587,
"EventTime": "2021-09-08T04:20:00.258340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:20:00.331293-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 03:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044050,
"ParentPID": 6684890,
"Thread": 28901587,
"EventTime": "2021-09-08T04:20:00.258340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:20:00.332046-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044050,
"ParentPID": 6684890,
"Thread": 28901587,
"EventTime": "2021-09-08T04:20:00.258340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:20:00.332802-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044052,
"ParentPID": 6684890,
"Thread": 38600833,
"EventTime": "2021-09-08T04:25:00.260031-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:25:00.449855-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044052,
"ParentPID": 6684890,
"Thread": 38600833,
"EventTime": "2021-09-08T04:25:00.260031-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:25:00.450370-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 03:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044052,
"ParentPID": 6684890,
"Thread": 38600833,
"EventTime": "2021-09-08T04:25:00.260031-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:25:00.450844-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044052,
"ParentPID": 6684890,
"Thread": 38600833,
"EventTime": "2021-09-08T04:25:00.267340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:25:00.451306-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044054,
"ParentPID": 6684890,
"Thread": 40697985,
"EventTime": "2021-09-08T04:30:00.267340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:30:00.277724-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044054,
"ParentPID": 6684890,
"Thread": 40697985,
"EventTime": "2021-09-08T04:30:00.267340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:30:00.278537-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 03:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044054,
"ParentPID": 6684890,
"Thread": 40697985,
"EventTime": "2021-09-08T04:30:00.267340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:30:00.279297-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044054,
"ParentPID": 6684890,
"Thread": 40697985,
"EventTime": "2021-09-08T04:30:00.267340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:30:00.280043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T04:33:08.821341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:33:08.979259-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371768SY0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371768,
"ParentPID": 10485770,
"Thread": 49217541,
"EventTime": "2021-09-08T04:34:08.359341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:34:08.478694-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485778,
"ParentPID": 9044058,
"Thread": 43122771,
"EventTime": "2021-09-08T04:34:08.375059-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:34:08.479470-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371792TE0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371792,
"ParentPID": 10485780,
"Thread": 49217565,
"EventTime": "2021-09-08T04:34:08.472558-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:34:08.480227-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 30736583,
"EventTime": "2021-09-08T04:35:00.283733-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:35:00.458669-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 30736583,
"EventTime": "2021-09-08T04:35:00.283733-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:35:00.459475-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 03:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 30736583,
"EventTime": "2021-09-08T04:35:00.283733-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:35:00.460231-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 30736583,
"EventTime": "2021-09-08T04:35:00.287341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:35:00.460973-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371796,
"ParentPID": 6684890,
"Thread": 43647195,
"EventTime": "2021-09-08T04:40:00.291417-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:40:00.588726-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371796,
"ParentPID": 6684890,
"Thread": 43647195,
"EventTime": "2021-09-08T04:40:00.291417-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:40:00.589255-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 03:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371796,
"ParentPID": 6684890,
"Thread": 43647195,
"EventTime": "2021-09-08T04:40:00.291417-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:40:00.589723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371796,
"ParentPID": 6684890,
"Thread": 43647195,
"EventTime": "2021-09-08T04:40:00.291417-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:40:00.590183-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371798,
"ParentPID": 6684890,
"Thread": 44498955,
"EventTime": "2021-09-08T04:45:00.297340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:45:00.442727-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371798,
"ParentPID": 6684890,
"Thread": 44498955,
"EventTime": "2021-09-08T04:45:00.297340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:45:00.443535-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 03:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371798,
"ParentPID": 6684890,
"Thread": 44498955,
"EventTime": "2021-09-08T04:45:00.297340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:45:00.444290-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371798,
"ParentPID": 6684890,
"Thread": 44498955,
"EventTime": "2021-09-08T04:45:00.297340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:45:00.445034-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192064NA6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192064,
"ParentPID": 9830532,
"Thread": 49217587,
"EventTime": "2021-09-08T04:49:08.593563-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:49:08.639204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9830540,
"ParentPID": 9371800,
"Thread": 43647225,
"EventTime": "2021-09-08T04:49:08.611813-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:49:08.640006-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192088Oq6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192088,
"ParentPID": 9830542,
"Thread": 49217611,
"EventTime": "2021-09-08T04:49:08.708374-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:49:08.942564-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371802,
"ParentPID": 6684890,
"Thread": 42008647,
"EventTime": "2021-09-08T04:50:00.307340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:50:00.346020-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371802,
"ParentPID": 6684890,
"Thread": 42008647,
"EventTime": "2021-09-08T04:50:00.307340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:50:00.346836-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 03:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371802,
"ParentPID": 6684890,
"Thread": 42008647,
"EventTime": "2021-09-08T04:50:00.307340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:50:00.347668-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371802,
"ParentPID": 6684890,
"Thread": 42008647,
"EventTime": "2021-09-08T04:50:00.307340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:50:00.348473-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 48693467,
"EventTime": "2021-09-08T04:55:00.316340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:55:00.542070-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 48693467,
"EventTime": "2021-09-08T04:55:00.316340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:55:00.542896-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 03:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 48693467,
"EventTime": "2021-09-08T04:55:00.316340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:55:00.543657-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 48693467,
"EventTime": "2021-09-08T04:55:00.316340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T04:55:00.544409-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830546,
"ParentPID": 6684890,
"Thread": 47513823,
"EventTime": "2021-09-08T05:00:00.326344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:00:00.465391-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830546,
"ParentPID": 6684890,
"Thread": 47513823,
"EventTime": "2021-09-08T05:00:00.326344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:00:00.466160-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 04:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830546,
"ParentPID": 6684890,
"Thread": 47513823,
"EventTime": "2021-09-08T05:00:00.326344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:00:00.466962-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830546,
"ParentPID": 6684890,
"Thread": 47513823,
"EventTime": "2021-09-08T05:00:00.328955-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:00:00.467758-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192110Ia6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192110,
"ParentPID": 9830558,
"Thread": 46792787,
"EventTime": "2021-09-08T05:04:08.791644-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:04:08.868906-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9830566,
"ParentPID": 9371812,
"Thread": 32243831,
"EventTime": "2021-09-08T05:04:08.798339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:04:08.869413-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192134I36qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192134,
"ParentPID": 9830568,
"Thread": 46792811,
"EventTime": "2021-09-08T05:04:08.858339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:04:08.869871-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371814,
"ParentPID": 6684890,
"Thread": 44892163,
"EventTime": "2021-09-08T05:05:00.336342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:05:00.545905-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371814,
"ParentPID": 6684890,
"Thread": 44892163,
"EventTime": "2021-09-08T05:05:00.336342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:05:00.546688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 04:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371814,
"ParentPID": 6684890,
"Thread": 44892163,
"EventTime": "2021-09-08T05:05:00.336342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:05:00.547498-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371814,
"ParentPID": 6684890,
"Thread": 44892163,
"EventTime": "2021-09-08T05:05:00.339544-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:05:00.548235-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371816,
"ParentPID": 6684890,
"Thread": 31654091,
"EventTime": "2021-09-08T05:10:00.346340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:10:00.443930-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371816,
"ParentPID": 6684890,
"Thread": 31654091,
"EventTime": "2021-09-08T05:10:00.346340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:10:00.444696-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 04:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371816,
"ParentPID": 6684890,
"Thread": 31654091,
"EventTime": "2021-09-08T05:10:00.346340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:10:00.445448-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371816,
"ParentPID": 6684890,
"Thread": 31654091,
"EventTime": "2021-09-08T05:10:00.348905-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:10:00.446185-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09830570",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8192136,
"ParentPID": 9830570,
"Thread": 50724953,
"EventTime": "2021-09-08T05:10:00.358907-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:10:00.446807-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371818,
"ParentPID": 6684890,
"Thread": 32178199,
"EventTime": "2021-09-08T05:15:00.366340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:15:00.598847-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371818,
"ParentPID": 6684890,
"Thread": 32178199,
"EventTime": "2021-09-08T05:15:00.366340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:15:00.599685-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 04:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371818,
"ParentPID": 6684890,
"Thread": 32178199,
"EventTime": "2021-09-08T05:15:00.371655-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:15:00.600450-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371818,
"ParentPID": 6684890,
"Thread": 32178199,
"EventTime": "2021-09-08T05:15:00.371655-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:15:00.601195-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192158Cy6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192158,
"ParentPID": 9830580,
"Thread": 32833609,
"EventTime": "2021-09-08T05:19:08.987387-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:19:09.081681-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9830588,
"ParentPID": 9371820,
"Thread": 32309275,
"EventTime": "2021-09-08T05:19:08.998340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:19:09.082438-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192180De6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192180,
"ParentPID": 9044074,
"Thread": 32833631,
"EventTime": "2021-09-08T05:19:09.098354-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:19:09.385925-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371822,
"ParentPID": 6684890,
"Thread": 47251645,
"EventTime": "2021-09-08T05:20:00.376340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:20:00.461886-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371822,
"ParentPID": 6684890,
"Thread": 47251645,
"EventTime": "2021-09-08T05:20:00.376340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:20:00.462647-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 04:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371822,
"ParentPID": 6684890,
"Thread": 47251645,
"EventTime": "2021-09-08T05:20:00.376340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:20:00.463400-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371822,
"ParentPID": 6684890,
"Thread": 47251645,
"EventTime": "2021-09-08T05:20:00.376340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:20:00.464137-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371824,
"ParentPID": 6684890,
"Thread": 41418879,
"EventTime": "2021-09-08T05:25:00.386340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:25:00.401093-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371824,
"ParentPID": 6684890,
"Thread": 41418879,
"EventTime": "2021-09-08T05:25:00.386340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:25:00.401848-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 04:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371824,
"ParentPID": 6684890,
"Thread": 41418879,
"EventTime": "2021-09-08T05:25:00.386340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:25:00.402591-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371824,
"ParentPID": 6684890,
"Thread": 41418879,
"EventTime": "2021-09-08T05:25:00.386340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:25:00.403322-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371826,
"ParentPID": 6684890,
"Thread": 45547709,
"EventTime": "2021-09-08T05:30:00.396678-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:30:00.578096-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371826,
"ParentPID": 6684890,
"Thread": 45547709,
"EventTime": "2021-09-08T05:30:00.396678-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:30:00.578908-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 04:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371826,
"ParentPID": 6684890,
"Thread": 45547709,
"EventTime": "2021-09-08T05:30:00.396678-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:30:00.579660-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371826,
"ParentPID": 6684890,
"Thread": 45547709,
"EventTime": "2021-09-08T05:30:00.402144-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:30:00.580400-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T05:33:08.699341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:33:08.701794-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00056361908ev7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636190,
"ParentPID": 8192190,
"Thread": 32964777,
"EventTime": "2021-09-08T05:34:09.218538-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:34:09.426143-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192198,
"ParentPID": 9371830,
"Thread": 31195329,
"EventTime": "2021-09-08T05:34:09.238544-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:34:09.426888-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00056362148Mv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636214,
"ParentPID": 8192200,
"Thread": 32964801,
"EventTime": "2021-09-08T05:34:09.329272-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:34:09.427663-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192202,
"ParentPID": 6684890,
"Thread": 31654131,
"EventTime": "2021-09-08T05:35:00.407115-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:35:00.538278-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192202,
"ParentPID": 6684890,
"Thread": 31654131,
"EventTime": "2021-09-08T05:35:00.407115-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:35:00.539103-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 04:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192202,
"ParentPID": 6684890,
"Thread": 31654131,
"EventTime": "2021-09-08T05:35:00.407115-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:35:00.539851-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192202,
"ParentPID": 6684890,
"Thread": 31654131,
"EventTime": "2021-09-08T05:35:00.407115-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:35:00.540588-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192204,
"ParentPID": 6684890,
"Thread": 37421057,
"EventTime": "2021-09-08T05:40:00.415342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:40:00.699876-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192204,
"ParentPID": 6684890,
"Thread": 37421057,
"EventTime": "2021-09-08T05:40:00.415342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:40:00.700694-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 04:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192204,
"ParentPID": 6684890,
"Thread": 37421057,
"EventTime": "2021-09-08T05:40:00.415342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:40:00.701447-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192204,
"ParentPID": 6684890,
"Thread": 37421057,
"EventTime": "2021-09-08T05:40:00.415342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:40:00.702192-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192206,
"ParentPID": 6684890,
"Thread": 28377295,
"EventTime": "2021-09-08T05:45:00.430852-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:45:00.603471-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192206,
"ParentPID": 6684890,
"Thread": 28377295,
"EventTime": "2021-09-08T05:45:00.430852-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:45:00.604233-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 04:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192206,
"ParentPID": 6684890,
"Thread": 28377295,
"EventTime": "2021-09-08T05:45:00.430852-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:45:00.604989-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192206,
"ParentPID": 6684890,
"Thread": 28377295,
"EventTime": "2021-09-08T05:45:00.430852-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:45:00.605861-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00114689922MHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468992,
"ParentPID": 5636224,
"Thread": 42139853,
"EventTime": "2021-09-08T05:49:09.456340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:49:09.462817-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636232,
"ParentPID": 8192208,
"Thread": 32768203,
"EventTime": "2021-09-08T05:49:09.476340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:49:09.767173-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC001146901633HMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11469016,
"ParentPID": 5636234,
"Thread": 42139877,
"EventTime": "2021-09-08T05:49:09.572012-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:49:09.767988-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192210,
"ParentPID": 6684890,
"Thread": 37421077,
"EventTime": "2021-09-08T05:50:00.441488-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:50:00.546175-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192210,
"ParentPID": 6684890,
"Thread": 37421077,
"EventTime": "2021-09-08T05:50:00.441488-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:50:00.546982-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 04:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192210,
"ParentPID": 6684890,
"Thread": 37421077,
"EventTime": "2021-09-08T05:50:00.441488-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:50:00.547734-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192210,
"ParentPID": 6684890,
"Thread": 37421077,
"EventTime": "2021-09-08T05:50:00.441488-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:50:00.548467-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192212,
"ParentPID": 6684890,
"Thread": 43384981,
"EventTime": "2021-09-08T05:55:00.444340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:55:00.639973-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192212,
"ParentPID": 6684890,
"Thread": 43384981,
"EventTime": "2021-09-08T05:55:00.444340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:55:00.640489-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 04:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192212,
"ParentPID": 6684890,
"Thread": 43384981,
"EventTime": "2021-09-08T05:55:00.444340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:55:00.640961-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192212,
"ParentPID": 6684890,
"Thread": 43384981,
"EventTime": "2021-09-08T05:55:00.444340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T05:55:00.641417-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192218,
"ParentPID": 6684890,
"Thread": 45744383,
"EventTime": "2021-09-08T06:00:00.444339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:00:00.691519-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192218,
"ParentPID": 6684890,
"Thread": 45744383,
"EventTime": "2021-09-08T06:00:00.444339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:00:00.692047-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 05:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192218,
"ParentPID": 6684890,
"Thread": 45744383,
"EventTime": "2021-09-08T06:00:00.444339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:00:00.692518-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192218,
"ParentPID": 6684890,
"Thread": 45744383,
"EventTime": "2021-09-08T06:00:00.450483-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:00:00.692976-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371862wi0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371862,
"ParentPID": 8192230,
"Thread": 29622317,
"EventTime": "2021-09-08T06:04:09.646534-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:04:09.709902-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192238,
"ParentPID": 10485860,
"Thread": 23658705,
"EventTime": "2021-09-08T06:04:09.661505-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:04:09.710370-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371886wA0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371886,
"ParentPID": 8192240,
"Thread": 29622341,
"EventTime": "2021-09-08T06:04:09.726560-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:04:10.016872-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.08192242",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9371888,
"ParentPID": 8192242,
"Thread": 29622343,
"EventTime": "2021-09-08T06:04:09.736591-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:04:10.017231-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192244,
"ParentPID": 6684890,
"Thread": 45350981,
"EventTime": "2021-09-08T06:05:00.446178-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:05:00.481536-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192244,
"ParentPID": 6684890,
"Thread": 45350981,
"EventTime": "2021-09-08T06:05:00.446178-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:05:00.482043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 05:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192244,
"ParentPID": 6684890,
"Thread": 45350981,
"EventTime": "2021-09-08T06:05:00.446178-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:05:00.482512-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192244,
"ParentPID": 6684890,
"Thread": 45350981,
"EventTime": "2021-09-08T06:05:00.446178-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:05:00.482973-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371892,
"ParentPID": 6684890,
"Thread": 48496859,
"EventTime": "2021-09-08T06:10:00.454561-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:10:00.530448-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371892,
"ParentPID": 6684890,
"Thread": 48496859,
"EventTime": "2021-09-08T06:10:00.454561-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:10:00.530949-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 05:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371892,
"ParentPID": 6684890,
"Thread": 48496859,
"EventTime": "2021-09-08T06:10:00.454561-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:10:00.531411-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371892,
"ParentPID": 6684890,
"Thread": 48496859,
"EventTime": "2021-09-08T06:10:00.457026-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:10:00.531861-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192254,
"ParentPID": 6684890,
"Thread": 42467515,
"EventTime": "2021-09-08T06:15:00.455915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:15:00.627236-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192254,
"ParentPID": 6684890,
"Thread": 42467515,
"EventTime": "2021-09-08T06:15:00.455915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:15:00.628049-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 05:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192254,
"ParentPID": 6684890,
"Thread": 42467515,
"EventTime": "2021-09-08T06:15:00.455915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:15:00.628805-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192254,
"ParentPID": 6684890,
"Thread": 42467515,
"EventTime": "2021-09-08T06:15:00.455915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:15:00.629541-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485882q7Eaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485882,
"ParentPID": 8192010,
"Thread": 48955645,
"EventTime": "2021-09-08T06:19:09.845369-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:19:10.037538-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192018,
"ParentPID": 9371902,
"Thread": 47251689,
"EventTime": "2021-09-08T06:19:09.856451-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:19:10.038341-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485906rqEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485906,
"ParentPID": 8192020,
"Thread": 48955413,
"EventTime": "2021-09-08T06:19:09.956489-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:19:10.039076-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371648,
"ParentPID": 6684890,
"Thread": 48693491,
"EventTime": "2021-09-08T06:20:00.466950-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:20:00.530440-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371648,
"ParentPID": 6684890,
"Thread": 48693491,
"EventTime": "2021-09-08T06:20:00.466950-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:20:00.531202-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 05:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371648,
"ParentPID": 6684890,
"Thread": 48693491,
"EventTime": "2021-09-08T06:20:00.466950-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:20:00.531951-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371648,
"ParentPID": 6684890,
"Thread": 48693491,
"EventTime": "2021-09-08T06:20:00.473340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:20:00.532685-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371650,
"ParentPID": 6684890,
"Thread": 31916077,
"EventTime": "2021-09-08T06:25:00.480953-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:25:00.737805-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371650,
"ParentPID": 6684890,
"Thread": 31916077,
"EventTime": "2021-09-08T06:25:00.480953-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:25:00.738619-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 05:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371650,
"ParentPID": 6684890,
"Thread": 31916077,
"EventTime": "2021-09-08T06:25:00.480953-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:25:00.739363-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371650,
"ParentPID": 6684890,
"Thread": 31916077,
"EventTime": "2021-09-08T06:25:00.483340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:25:00.740104-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371652,
"ParentPID": 6684890,
"Thread": 31588581,
"EventTime": "2021-09-08T06:30:00.491188-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:30:00.592202-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371652,
"ParentPID": 6684890,
"Thread": 31588581,
"EventTime": "2021-09-08T06:30:00.491188-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:30:00.592976-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 05:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371652,
"ParentPID": 6684890,
"Thread": 31588581,
"EventTime": "2021-09-08T06:30:00.493330-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:30:00.593754-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371652,
"ParentPID": 6684890,
"Thread": 31588581,
"EventTime": "2021-09-08T06:30:00.493330-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:30:00.594567-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T06:33:08.570101-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:33:08.721361-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044158lm97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044158,
"ParentPID": 10485916,
"Thread": 48955437,
"EventTime": "2021-09-08T06:34:10.084341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:34:10.320155-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485924,
"ParentPID": 9371656,
"Thread": 48627717,
"EventTime": "2021-09-08T06:34:10.098882-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:34:10.320913-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044182lY97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044182,
"ParentPID": 10485926,
"Thread": 48955461,
"EventTime": "2021-09-08T06:34:10.198924-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:34:10.321652-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485928,
"ParentPID": 6684890,
"Thread": 43188447,
"EventTime": "2021-09-08T06:35:00.502218-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:35:00.797000-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485928,
"ParentPID": 6684890,
"Thread": 43188447,
"EventTime": "2021-09-08T06:35:00.502218-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:35:00.797764-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 05:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485928,
"ParentPID": 6684890,
"Thread": 43188447,
"EventTime": "2021-09-08T06:35:00.503340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:35:00.798521-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485928,
"ParentPID": 6684890,
"Thread": 43188447,
"EventTime": "2021-09-08T06:35:00.503340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:35:00.799273-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289406,
"ParentPID": 6684890,
"Thread": 38404143,
"EventTime": "2021-09-08T06:40:00.507836-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:40:00.689113-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289406,
"ParentPID": 6684890,
"Thread": 38404143,
"EventTime": "2021-09-08T06:40:00.507836-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:40:00.689926-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 05:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289406,
"ParentPID": 6684890,
"Thread": 38404143,
"EventTime": "2021-09-08T06:40:00.507836-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:40:00.690691-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289406,
"ParentPID": 6684890,
"Thread": 38404143,
"EventTime": "2021-09-08T06:40:00.512340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:40:00.691435-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289152,
"ParentPID": 6684890,
"Thread": 38076543,
"EventTime": "2021-09-08T06:45:00.520177-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:45:00.562374-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10289152,
"ParentPID": 6684890,
"Thread": 38076543,
"EventTime": "2021-09-08T06:45:00.520177-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:45:00.563145-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 05:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10289152,
"ParentPID": 6684890,
"Thread": 38076543,
"EventTime": "2021-09-08T06:45:00.520177-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:45:00.563955-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10289152,
"ParentPID": 6684890,
"Thread": 38076543,
"EventTime": "2021-09-08T06:45:00.520177-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:45:00.564698-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830612fUB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830612,
"ParentPID": 10485940,
"Thread": 49217693,
"EventTime": "2021-09-08T06:49:10.325028-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:49:10.584653-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485948,
"ParentPID": 10289154,
"Thread": 40829059,
"EventTime": "2021-09-08T06:49:10.335031-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:49:10.585468-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830636gEB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830636,
"ParentPID": 10485950,
"Thread": 49217717,
"EventTime": "2021-09-08T06:49:10.435069-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:49:10.586214-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044186,
"ParentPID": 6684890,
"Thread": 31326213,
"EventTime": "2021-09-08T06:50:00.528105-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:50:00.753761-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044186,
"ParentPID": 6684890,
"Thread": 31326213,
"EventTime": "2021-09-08T06:50:00.528105-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:50:00.754570-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 05:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044186,
"ParentPID": 6684890,
"Thread": 31326213,
"EventTime": "2021-09-08T06:50:00.531434-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:50:00.755322-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044186,
"ParentPID": 6684890,
"Thread": 31326213,
"EventTime": "2021-09-08T06:50:00.532536-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:50:00.756058-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044188,
"ParentPID": 6684890,
"Thread": 35979295,
"EventTime": "2021-09-08T06:55:00.539108-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:55:00.646420-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044188,
"ParentPID": 6684890,
"Thread": 35979295,
"EventTime": "2021-09-08T06:55:00.539108-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:55:00.647242-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 05:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044188,
"ParentPID": 6684890,
"Thread": 35979295,
"EventTime": "2021-09-08T06:55:00.539108-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:55:00.647984-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044188,
"ParentPID": 6684890,
"Thread": 35979295,
"EventTime": "2021-09-08T06:55:00.542622-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:55:00.648719-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09044190",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9371660,
"ParentPID": 9044190,
"Thread": 34471939,
"EventTime": "2021-09-08T06:55:00.562369-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T06:55:00.649260-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044194,
"ParentPID": 6684890,
"Thread": 43778147,
"EventTime": "2021-09-08T07:00:00.545875-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:00:00.794685-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044194,
"ParentPID": 6684890,
"Thread": 43778147,
"EventTime": "2021-09-08T07:00:00.545875-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:00:00.795503-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 06:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044194,
"ParentPID": 6684890,
"Thread": 43778147,
"EventTime": "2021-09-08T07:00:00.551340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:00:00.796260-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044194,
"ParentPID": 6684890,
"Thread": 43778147,
"EventTime": "2021-09-08T07:00:00.551340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:00:00.797003-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468840aAHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468840,
"ParentPID": 9044206,
"Thread": 39846009,
"EventTime": "2021-09-08T07:04:10.563348-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:04:10.854195-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9044214,
"ParentPID": 9371668,
"Thread": 46268563,
"EventTime": "2021-09-08T07:04:10.580508-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:04:10.854999-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240776bu0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240776,
"ParentPID": 10485954,
"Thread": 33554651,
"EventTime": "2021-09-08T07:04:10.673340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:04:10.855735-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485956,
"ParentPID": 6684890,
"Thread": 46465247,
"EventTime": "2021-09-08T07:05:00.556721-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:05:00.743991-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485956,
"ParentPID": 6684890,
"Thread": 46465247,
"EventTime": "2021-09-08T07:05:00.556721-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:05:00.744791-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 06:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485956,
"ParentPID": 6684890,
"Thread": 46465247,
"EventTime": "2021-09-08T07:05:00.561340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:05:00.745543-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485956,
"ParentPID": 6684890,
"Thread": 46465247,
"EventTime": "2021-09-08T07:05:00.561340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:05:00.746283-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485958,
"ParentPID": 6684890,
"Thread": 32047353,
"EventTime": "2021-09-08T07:10:00.561687-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:10:00.660301-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485958,
"ParentPID": 6684890,
"Thread": 32047353,
"EventTime": "2021-09-08T07:10:00.561687-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:10:00.661111-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 06:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485958,
"ParentPID": 6684890,
"Thread": 32047353,
"EventTime": "2021-09-08T07:10:00.561687-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:10:00.661871-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485958,
"ParentPID": 6684890,
"Thread": 32047353,
"EventTime": "2021-09-08T07:10:00.571691-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:10:00.662666-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485960,
"ParentPID": 6684890,
"Thread": 49217747,
"EventTime": "2021-09-08T07:15:00.572974-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:15:00.866790-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485960,
"ParentPID": 6684890,
"Thread": 49217747,
"EventTime": "2021-09-08T07:15:00.572974-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:15:00.867600-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 06:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485960,
"ParentPID": 6684890,
"Thread": 49217747,
"EventTime": "2021-09-08T07:15:00.581340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:15:00.868352-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485960,
"ParentPID": 6684890,
"Thread": 49217747,
"EventTime": "2021-09-08T07:15:00.582978-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:15:00.869092-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468864XqHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468864,
"ParentPID": 9043968,
"Thread": 29425879,
"EventTime": "2021-09-08T07:19:10.793999-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:19:10.879224-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9043976,
"ParentPID": 10485962,
"Thread": 38076575,
"EventTime": "2021-09-08T07:19:10.814006-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:19:10.879945-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468888YaHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468888,
"ParentPID": 9043978,
"Thread": 29425903,
"EventTime": "2021-09-08T07:19:10.914094-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:19:11.181424-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485964,
"ParentPID": 6684890,
"Thread": 39977213,
"EventTime": "2021-09-08T07:20:00.589969-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:20:00.771729-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485964,
"ParentPID": 6684890,
"Thread": 39977213,
"EventTime": "2021-09-08T07:20:00.589969-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:20:00.772489-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 06:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485964,
"ParentPID": 6684890,
"Thread": 39977213,
"EventTime": "2021-09-08T07:20:00.591340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:20:00.773234-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485964,
"ParentPID": 6684890,
"Thread": 39977213,
"EventTime": "2021-09-08T07:20:00.591340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:20:00.773987-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485966,
"ParentPID": 6684890,
"Thread": 46465025,
"EventTime": "2021-09-08T07:25:00.597706-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:25:00.648556-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485966,
"ParentPID": 6684890,
"Thread": 46465025,
"EventTime": "2021-09-08T07:25:00.597706-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:25:00.649374-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 06:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485966,
"ParentPID": 6684890,
"Thread": 46465025,
"EventTime": "2021-09-08T07:25:00.597706-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:25:00.650123-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485966,
"ParentPID": 6684890,
"Thread": 46465025,
"EventTime": "2021-09-08T07:25:00.600340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:25:00.650909-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468892,
"ParentPID": 6684890,
"Thread": 22282413,
"EventTime": "2021-09-08T07:30:00.606113-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:30:00.820840-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468892,
"ParentPID": 6684890,
"Thread": 22282413,
"EventTime": "2021-09-08T07:30:00.606113-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:30:00.821665-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 06:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468892,
"ParentPID": 6684890,
"Thread": 22282413,
"EventTime": "2021-09-08T07:30:00.610340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:30:00.822450-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468892,
"ParentPID": 6684890,
"Thread": 22282413,
"EventTime": "2021-09-08T07:30:00.611553-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:30:00.823199-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T07:33:08.455233-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:33:08.612144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371698RY0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371698,
"ParentPID": 10485978,
"Thread": 33030357,
"EventTime": "2021-09-08T07:34:11.035661-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:34:11.112744-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485986,
"ParentPID": 11468896,
"Thread": 32178261,
"EventTime": "2021-09-08T07:34:11.055670-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:34:11.113569-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371722SE0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371722,
"ParentPID": 10485988,
"Thread": 33030381,
"EventTime": "2021-09-08T07:34:11.152340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:34:11.417421-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485990,
"ParentPID": 6684890,
"Thread": 36700363,
"EventTime": "2021-09-08T07:35:00.611234-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:35:00.702275-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485990,
"ParentPID": 6684890,
"Thread": 36700363,
"EventTime": "2021-09-08T07:35:00.611234-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:35:00.703079-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 06:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485990,
"ParentPID": 6684890,
"Thread": 36700363,
"EventTime": "2021-09-08T07:35:00.621237-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:35:00.703823-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485990,
"ParentPID": 6684890,
"Thread": 36700363,
"EventTime": "2021-09-08T07:35:00.622267-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:35:00.704564-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485992,
"ParentPID": 6684890,
"Thread": 39976981,
"EventTime": "2021-09-08T07:40:00.622528-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:40:00.648153-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485992,
"ParentPID": 6684890,
"Thread": 39976981,
"EventTime": "2021-09-08T07:40:00.622528-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:40:00.648918-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 06:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485992,
"ParentPID": 6684890,
"Thread": 39976981,
"EventTime": "2021-09-08T07:40:00.630341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:40:00.649671-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485992,
"ParentPID": 6684890,
"Thread": 39976981,
"EventTime": "2021-09-08T07:40:00.630341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:40:00.650467-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485994,
"ParentPID": 6684890,
"Thread": 38404205,
"EventTime": "2021-09-08T07:45:00.631179-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:45:00.859410-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485994,
"ParentPID": 6684890,
"Thread": 38404205,
"EventTime": "2021-09-08T07:45:00.631179-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:45:00.860178-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 06:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485994,
"ParentPID": 6684890,
"Thread": 38404205,
"EventTime": "2021-09-08T07:45:00.640341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:45:00.860985-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485994,
"ParentPID": 6684890,
"Thread": 38404205,
"EventTime": "2021-09-08T07:45:00.641182-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:45:00.861800-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830424MEB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830424,
"ParentPID": 10289198,
"Thread": 36831453,
"EventTime": "2021-09-08T07:49:11.271340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:49:11.442279-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10289206,
"ParentPID": 10485996,
"Thread": 32833683,
"EventTime": "2021-09-08T07:49:11.291472-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:49:11.443095-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830448NuB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830448,
"ParentPID": 10289208,
"Thread": 36831477,
"EventTime": "2021-09-08T07:49:11.391341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:49:11.443832-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485998,
"ParentPID": 6684890,
"Thread": 48627743,
"EventTime": "2021-09-08T07:50:00.647370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:50:00.724141-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485998,
"ParentPID": 6684890,
"Thread": 48627743,
"EventTime": "2021-09-08T07:50:00.647370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:50:00.724952-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 06:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485998,
"ParentPID": 6684890,
"Thread": 48627743,
"EventTime": "2021-09-08T07:50:00.647370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:50:00.725701-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485998,
"ParentPID": 6684890,
"Thread": 48627743,
"EventTime": "2021-09-08T07:50:00.647370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:50:00.726430-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10289210",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9830450,
"ParentPID": 10289210,
"Thread": 28049427,
"EventTime": "2021-09-08T07:50:00.664281-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:50:00.726961-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486000,
"ParentPID": 6684890,
"Thread": 49283115,
"EventTime": "2021-09-08T07:55:00.670443-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:55:00.820678-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486000,
"ParentPID": 6684890,
"Thread": 49283115,
"EventTime": "2021-09-08T07:55:00.670443-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:55:00.821501-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 06:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10486000,
"ParentPID": 6684890,
"Thread": 49283115,
"EventTime": "2021-09-08T07:55:00.672636-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:55:00.822261-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10486000,
"ParentPID": 6684890,
"Thread": 49283115,
"EventTime": "2021-09-08T07:55:00.672636-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T07:55:00.823009-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486002,
"ParentPID": 6684890,
"Thread": 28770451,
"EventTime": "2021-09-08T08:00:00.680341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:00:00.719992-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486002,
"ParentPID": 6684890,
"Thread": 28770451,
"EventTime": "2021-09-08T08:00:00.680341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:00:00.720827-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 07:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10486002,
"ParentPID": 6684890,
"Thread": 28770451,
"EventTime": "2021-09-08T08:00:00.680341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:00:00.721653-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10486002,
"ParentPID": 6684890,
"Thread": 28770451,
"EventTime": "2021-09-08T08:00:00.680341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:00:00.722403-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830472HuB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830472,
"ParentPID": 10289224,
"Thread": 31195361,
"EventTime": "2021-09-08T08:04:11.512341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:04:11.631693-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10289232,
"ParentPID": 10486010,
"Thread": 34996291,
"EventTime": "2021-09-08T08:04:11.532430-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:04:11.632529-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830496IaB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830496,
"ParentPID": 10289234,
"Thread": 31195385,
"EventTime": "2021-09-08T08:04:11.622340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:04:11.633311-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636328,
"ParentPID": 6684890,
"Thread": 35651647,
"EventTime": "2021-09-08T08:05:00.690340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:05:00.912843-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636328,
"ParentPID": 6684890,
"Thread": 35651647,
"EventTime": "2021-09-08T08:05:00.690340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:05:00.913601-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 07:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636328,
"ParentPID": 6684890,
"Thread": 35651647,
"EventTime": "2021-09-08T08:05:00.690340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:05:00.914361-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636328,
"ParentPID": 6684890,
"Thread": 35651647,
"EventTime": "2021-09-08T08:05:00.690340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:05:00.915101-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636330,
"ParentPID": 6684890,
"Thread": 41091145,
"EventTime": "2021-09-08T08:10:00.695606-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:10:00.816345-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636330,
"ParentPID": 6684890,
"Thread": 41091145,
"EventTime": "2021-09-08T08:10:00.695606-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:10:00.816849-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 07:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636330,
"ParentPID": 6684890,
"Thread": 41091145,
"EventTime": "2021-09-08T08:10:00.695606-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:10:00.817319-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636330,
"ParentPID": 6684890,
"Thread": 41091145,
"EventTime": "2021-09-08T08:10:00.695606-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:10:00.817776-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636332,
"ParentPID": 6684890,
"Thread": 32964833,
"EventTime": "2021-09-08T08:15:00.702512-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:15:00.970070-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636332,
"ParentPID": 6684890,
"Thread": 32964833,
"EventTime": "2021-09-08T08:15:00.702512-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:15:00.970954-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 07:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636332,
"ParentPID": 6684890,
"Thread": 32964833,
"EventTime": "2021-09-08T08:15:00.702512-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:15:00.971751-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636332,
"ParentPID": 6684890,
"Thread": 32964833,
"EventTime": "2021-09-08T08:15:00.702512-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:15:00.972511-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485776BYEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485776,
"ParentPID": 9371760,
"Thread": 28377115,
"EventTime": "2021-09-08T08:19:11.747106-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:19:11.825500-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371768,
"ParentPID": 5636334,
"Thread": 41091175,
"EventTime": "2021-09-08T08:19:11.767112-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:19:11.826247-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485800CIEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485800,
"ParentPID": 9371770,
"Thread": 28377139,
"EventTime": "2021-09-08T08:19:11.867141-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:19:12.128678-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371772,
"ParentPID": 6684890,
"Thread": 33947681,
"EventTime": "2021-09-08T08:20:00.710340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:20:00.808048-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371772,
"ParentPID": 6684890,
"Thread": 33947681,
"EventTime": "2021-09-08T08:20:00.710340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:20:00.808857-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 07:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371772,
"ParentPID": 6684890,
"Thread": 33947681,
"EventTime": "2021-09-08T08:20:00.710340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:20:00.809608-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371772,
"ParentPID": 6684890,
"Thread": 33947681,
"EventTime": "2021-09-08T08:20:00.710340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:20:00.810423-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371774,
"ParentPID": 6684890,
"Thread": 29425683,
"EventTime": "2021-09-08T08:25:00.720340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:25:00.729734-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371774,
"ParentPID": 6684890,
"Thread": 29425683,
"EventTime": "2021-09-08T08:25:00.720340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:25:00.730524-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 07:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371774,
"ParentPID": 6684890,
"Thread": 29425683,
"EventTime": "2021-09-08T08:25:00.724871-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:25:00.731321-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371774,
"ParentPID": 6684890,
"Thread": 29425683,
"EventTime": "2021-09-08T08:25:00.724871-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:25:00.732066-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371776,
"ParentPID": 6684890,
"Thread": 47186121,
"EventTime": "2021-09-08T08:30:00.731590-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:30:00.892917-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371776,
"ParentPID": 6684890,
"Thread": 47186121,
"EventTime": "2021-09-08T08:30:00.731590-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:30:00.893750-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 07:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371776,
"ParentPID": 6684890,
"Thread": 47186121,
"EventTime": "2021-09-08T08:30:00.731590-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:30:00.894516-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371776,
"ParentPID": 6684890,
"Thread": 47186121,
"EventTime": "2021-09-08T08:30:00.740341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:30:00.895267-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T08:33:08.333340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:33:08.413444-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00104858227EEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485822,
"ParentPID": 5636344,
"Thread": 42139683,
"EventTime": "2021-09-08T08:34:11.991370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:34:12.136386-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636096,
"ParentPID": 9371780,
"Thread": 34210013,
"EventTime": "2021-09-08T08:34:12.005365-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:34:12.137191-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00104858468yEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485846,
"ParentPID": 5636098,
"Thread": 42139707,
"EventTime": "2021-09-08T08:34:12.105471-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:34:12.137923-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371782,
"ParentPID": 6684890,
"Thread": 42336379,
"EventTime": "2021-09-08T08:35:00.739341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:35:00.809323-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371782,
"ParentPID": 6684890,
"Thread": 42336379,
"EventTime": "2021-09-08T08:35:00.739341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:35:00.810124-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 07:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371782,
"ParentPID": 6684890,
"Thread": 42336379,
"EventTime": "2021-09-08T08:35:00.748321-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:35:00.810929-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371782,
"ParentPID": 6684890,
"Thread": 42336379,
"EventTime": "2021-09-08T08:35:00.749340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:35:00.811669-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371784,
"ParentPID": 6684890,
"Thread": 29425721,
"EventTime": "2021-09-08T08:40:00.753280-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:40:01.054283-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371784,
"ParentPID": 6684890,
"Thread": 29425721,
"EventTime": "2021-09-08T08:40:00.753280-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:40:01.055096-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 07:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371784,
"ParentPID": 6684890,
"Thread": 29425721,
"EventTime": "2021-09-08T08:40:00.758263-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:40:01.055849-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371784,
"ParentPID": 6684890,
"Thread": 29425721,
"EventTime": "2021-09-08T08:40:00.759340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:40:01.056592-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371786,
"ParentPID": 6684890,
"Thread": 49872901,
"EventTime": "2021-09-08T08:45:00.760671-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:45:00.984815-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371786,
"ParentPID": 6684890,
"Thread": 49872901,
"EventTime": "2021-09-08T08:45:00.760671-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:45:00.985587-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 07:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371786,
"ParentPID": 6684890,
"Thread": 49872901,
"EventTime": "2021-09-08T08:45:00.760671-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:45:00.986345-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371786,
"ParentPID": 6684890,
"Thread": 49872901,
"EventTime": "2021-09-08T08:45:00.770674-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:45:00.987087-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.05636100",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10485848,
"ParentPID": 5636100,
"Thread": 43188261,
"EventTime": "2021-09-08T08:45:00.782441-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:45:00.987624-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00104858702yEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485870,
"ParentPID": 5636110,
"Thread": 32768035,
"EventTime": "2021-09-08T08:49:12.230436-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:49:12.531203-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636118,
"ParentPID": 9371788,
"Thread": 44826791,
"EventTime": "2021-09-08T08:49:12.241806-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:49:12.532018-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00104858943eEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485894,
"ParentPID": 5636120,
"Thread": 32768059,
"EventTime": "2021-09-08T08:49:12.341843-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:49:12.532765-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371790,
"ParentPID": 6684890,
"Thread": 32047135,
"EventTime": "2021-09-08T08:50:00.790937-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:50:00.898108-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371790,
"ParentPID": 6684890,
"Thread": 32047135,
"EventTime": "2021-09-08T08:50:00.790937-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:50:00.898873-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 07:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371790,
"ParentPID": 6684890,
"Thread": 32047135,
"EventTime": "2021-09-08T08:50:00.790937-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:50:00.899672-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371790,
"ParentPID": 6684890,
"Thread": 32047135,
"EventTime": "2021-09-08T08:50:00.790937-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:50:00.900471-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371792,
"ParentPID": 6684890,
"Thread": 38928575,
"EventTime": "2021-09-08T08:55:00.799340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:55:01.084804-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371792,
"ParentPID": 6684890,
"Thread": 38928575,
"EventTime": "2021-09-08T08:55:00.799340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:55:01.085618-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 07:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371792,
"ParentPID": 6684890,
"Thread": 38928575,
"EventTime": "2021-09-08T08:55:00.799340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:55:01.086364-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371792,
"ParentPID": 6684890,
"Thread": 38928575,
"EventTime": "2021-09-08T08:55:00.799340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T08:55:01.087108-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 32047155,
"EventTime": "2021-09-08T09:00:00.808340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:00:00.920366-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 32047155,
"EventTime": "2021-09-08T09:00:00.808340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:00:00.921184-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 08:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 32047155,
"EventTime": "2021-09-08T09:00:00.808340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:00:00.921947-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 32047155,
"EventTime": "2021-09-08T09:00:00.808340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:00:00.922693-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636142vMv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636142,
"ParentPID": 10485910,
"Thread": 38928609,
"EventTime": "2021-09-08T09:04:12.423350-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:04:12.600466-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485918,
"ParentPID": 9371800,
"Thread": 35651685,
"EventTime": "2021-09-08T09:04:12.431531-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:04:12.600938-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636166wmv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636166,
"ParentPID": 10485920,
"Thread": 38928633,
"EventTime": "2021-09-08T09:04:12.491550-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:04:12.601420-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371802,
"ParentPID": 6684890,
"Thread": 46530571,
"EventTime": "2021-09-08T09:05:00.818340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:05:00.959362-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371802,
"ParentPID": 6684890,
"Thread": 46530571,
"EventTime": "2021-09-08T09:05:00.818340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:05:00.960170-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 08:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371802,
"ParentPID": 6684890,
"Thread": 46530571,
"EventTime": "2021-09-08T09:05:00.818340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:05:00.960924-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371802,
"ParentPID": 6684890,
"Thread": 46530571,
"EventTime": "2021-09-08T09:05:00.820223-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:05:00.961679-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 31588403,
"EventTime": "2021-09-08T09:10:00.828342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:10:01.081286-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 31588403,
"EventTime": "2021-09-08T09:10:00.828342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:10:01.082095-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 08:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 31588403,
"EventTime": "2021-09-08T09:10:00.828342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:10:01.082846-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 31588403,
"EventTime": "2021-09-08T09:10:00.829770-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:10:01.083589-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371806,
"ParentPID": 6684890,
"Thread": 34209795,
"EventTime": "2021-09-08T09:15:00.828628-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:15:01.123538-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371806,
"ParentPID": 6684890,
"Thread": 34209795,
"EventTime": "2021-09-08T09:15:00.828628-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:15:01.124054-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 08:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371806,
"ParentPID": 6684890,
"Thread": 34209795,
"EventTime": "2021-09-08T09:15:00.828628-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:15:01.124524-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371806,
"ParentPID": 6684890,
"Thread": 34209795,
"EventTime": "2021-09-08T09:15:00.828628-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:15:01.124989-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636188pUv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636188,
"ParentPID": 10485930,
"Thread": 29622381,
"EventTime": "2021-09-08T09:19:12.570708-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:19:12.872372-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485938,
"ParentPID": 9371808,
"Thread": 44236829,
"EventTime": "2021-09-08T09:19:12.586159-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:19:12.872853-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636212quv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636212,
"ParentPID": 10485940,
"Thread": 29622405,
"EventTime": "2021-09-08T09:19:12.648301-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:19:12.873274-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371810,
"ParentPID": 6684890,
"Thread": 50331715,
"EventTime": "2021-09-08T09:20:00.837993-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:20:00.943524-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371810,
"ParentPID": 6684890,
"Thread": 50331715,
"EventTime": "2021-09-08T09:20:00.837993-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:20:00.943997-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 08:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371810,
"ParentPID": 6684890,
"Thread": 50331715,
"EventTime": "2021-09-08T09:20:00.838339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:20:00.944458-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371810,
"ParentPID": 6684890,
"Thread": 50331715,
"EventTime": "2021-09-08T09:20:00.838339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:20:00.944922-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371812,
"ParentPID": 6684890,
"Thread": 49217559,
"EventTime": "2021-09-08T09:25:00.844076-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:25:01.062981-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371812,
"ParentPID": 6684890,
"Thread": 49217559,
"EventTime": "2021-09-08T09:25:00.844076-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:25:01.063793-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 08:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371812,
"ParentPID": 6684890,
"Thread": 49217559,
"EventTime": "2021-09-08T09:25:00.844076-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:25:01.064541-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371812,
"ParentPID": 6684890,
"Thread": 49217559,
"EventTime": "2021-09-08T09:25:00.844076-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:25:01.065294-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371814,
"ParentPID": 6684890,
"Thread": 50331735,
"EventTime": "2021-09-08T09:30:00.853105-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:30:00.972295-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371814,
"ParentPID": 6684890,
"Thread": 50331735,
"EventTime": "2021-09-08T09:30:00.853105-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:30:00.973117-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 08:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371814,
"ParentPID": 6684890,
"Thread": 50331735,
"EventTime": "2021-09-08T09:30:00.853105-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:30:00.973878-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371814,
"ParentPID": 6684890,
"Thread": 50331735,
"EventTime": "2021-09-08T09:30:00.853105-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:30:00.974634-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T09:33:08.211339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:33:08.275251-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636234kqv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636234,
"ParentPID": 10485950,
"Thread": 35651713,
"EventTime": "2021-09-08T09:34:12.765011-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:34:12.903423-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485958,
"ParentPID": 9371818,
"Thread": 36765777,
"EventTime": "2021-09-08T09:34:12.785017-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:34:12.904216-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636258lav7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636258,
"ParentPID": 10485960,
"Thread": 35651737,
"EventTime": "2021-09-08T09:34:12.879340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:34:12.904945-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371820,
"ParentPID": 6684890,
"Thread": 34209831,
"EventTime": "2021-09-08T09:35:00.862651-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:35:00.986992-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371820,
"ParentPID": 6684890,
"Thread": 34209831,
"EventTime": "2021-09-08T09:35:00.862651-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:35:00.987762-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 08:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371820,
"ParentPID": 6684890,
"Thread": 34209831,
"EventTime": "2021-09-08T09:35:00.862651-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:35:00.988559-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371820,
"ParentPID": 6684890,
"Thread": 34209831,
"EventTime": "2021-09-08T09:35:00.865850-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:35:00.989301-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10485962",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 5636260,
"ParentPID": 10485962,
"Thread": 43778213,
"EventTime": "2021-09-08T09:35:00.877342-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:35:00.989830-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371822,
"ParentPID": 6684890,
"Thread": 44630131,
"EventTime": "2021-09-08T09:40:00.885977-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:40:00.896911-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371822,
"ParentPID": 6684890,
"Thread": 44630131,
"EventTime": "2021-09-08T09:40:00.885977-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:40:00.897691-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 08:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371822,
"ParentPID": 6684890,
"Thread": 44630131,
"EventTime": "2021-09-08T09:40:00.887340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:40:00.898508-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371822,
"ParentPID": 6684890,
"Thread": 44630131,
"EventTime": "2021-09-08T09:40:00.887340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:40:00.899267-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371824,
"ParentPID": 6684890,
"Thread": 42991645,
"EventTime": "2021-09-08T09:45:00.897391-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:45:01.108211-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371824,
"ParentPID": 6684890,
"Thread": 42991645,
"EventTime": "2021-09-08T09:45:00.897391-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:45:01.109039-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 08:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371824,
"ParentPID": 6684890,
"Thread": 42991645,
"EventTime": "2021-09-08T09:45:00.897391-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:45:01.109793-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371824,
"ParentPID": 6684890,
"Thread": 42991645,
"EventTime": "2021-09-08T09:45:00.897391-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:45:01.110539-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636282eYv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636282,
"ParentPID": 10485972,
"Thread": 27131983,
"EventTime": "2021-09-08T09:49:12.999340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:49:13.179720-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485980,
"ParentPID": 9371826,
"Thread": 41091207,
"EventTime": "2021-09-08T09:49:13.019341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:49:13.180535-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636306fEv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636306,
"ParentPID": 10485982,
"Thread": 27132007,
"EventTime": "2021-09-08T09:49:13.109340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:49:13.181272-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371828,
"ParentPID": 6684890,
"Thread": 34209847,
"EventTime": "2021-09-08T09:50:00.908321-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:50:00.956169-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371828,
"ParentPID": 6684890,
"Thread": 34209847,
"EventTime": "2021-09-08T09:50:00.908321-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:50:00.956972-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 08:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371828,
"ParentPID": 6684890,
"Thread": 34209847,
"EventTime": "2021-09-08T09:50:00.908321-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:50:00.957730-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371828,
"ParentPID": 6684890,
"Thread": 34209847,
"EventTime": "2021-09-08T09:50:00.908321-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:50:00.958539-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371830,
"ParentPID": 6684890,
"Thread": 29818917,
"EventTime": "2021-09-08T09:55:00.917606-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:55:01.107640-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371830,
"ParentPID": 6684890,
"Thread": 29818917,
"EventTime": "2021-09-08T09:55:00.917606-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:55:01.108459-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 08:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371830,
"ParentPID": 6684890,
"Thread": 29818917,
"EventTime": "2021-09-08T09:55:00.917606-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:55:01.109212-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371830,
"ParentPID": 6684890,
"Thread": 29818917,
"EventTime": "2021-09-08T09:55:00.917606-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T09:55:01.109958-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371832,
"ParentPID": 6684890,
"Thread": 35651745,
"EventTime": "2021-09-08T10:00:00.930290-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:00:01.013806-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371832,
"ParentPID": 6684890,
"Thread": 35651745,
"EventTime": "2021-09-08T10:00:00.930290-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:00:01.014613-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 09:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371832,
"ParentPID": 6684890,
"Thread": 35651745,
"EventTime": "2021-09-08T10:00:00.930290-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:00:01.015381-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371832,
"ParentPID": 6684890,
"Thread": 35651745,
"EventTime": "2021-09-08T10:00:00.930290-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:00:01.016132-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636328-Ev7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636328,
"ParentPID": 9371844,
"Thread": 45023397,
"EventTime": "2021-09-08T10:04:13.238340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:04:13.413449-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371852,
"ParentPID": 10485988,
"Thread": 36634821,
"EventTime": "2021-09-08T10:04:13.258340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:04:13.414219-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636096auv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636096,
"ParentPID": 9371854,
"Thread": 45023421,
"EventTime": "2021-09-08T10:04:13.352498-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:04:13.414903-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371858,
"ParentPID": 6684890,
"Thread": 38863063,
"EventTime": "2021-09-08T10:05:00.937340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:05:01.198581-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371858,
"ParentPID": 6684890,
"Thread": 38863063,
"EventTime": "2021-09-08T10:05:00.937340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:05:01.199323-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 09:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371858,
"ParentPID": 6684890,
"Thread": 38863063,
"EventTime": "2021-09-08T10:05:00.937340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:05:01.200043-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371858,
"ParentPID": 6684890,
"Thread": 38863063,
"EventTime": "2021-09-08T10:05:00.941796-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:05:01.200775-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371860,
"ParentPID": 6684890,
"Thread": 44236847,
"EventTime": "2021-09-08T10:10:00.946341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:10:01.040357-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371860,
"ParentPID": 6684890,
"Thread": 44236847,
"EventTime": "2021-09-08T10:10:00.946341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:10:01.041169-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 09:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371860,
"ParentPID": 6684890,
"Thread": 44236847,
"EventTime": "2021-09-08T10:10:00.949286-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:10:01.041928-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371860,
"ParentPID": 6684890,
"Thread": 44236847,
"EventTime": "2021-09-08T10:10:00.949286-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:10:01.042672-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371862,
"ParentPID": 6684890,
"Thread": 44105975,
"EventTime": "2021-09-08T10:15:00.957313-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:15:01.228027-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371862,
"ParentPID": 6684890,
"Thread": 44105975,
"EventTime": "2021-09-08T10:15:00.957313-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:15:01.228843-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 09:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371862,
"ParentPID": 6684890,
"Thread": 44105975,
"EventTime": "2021-09-08T10:15:00.957313-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:15:01.229596-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371862,
"ParentPID": 6684890,
"Thread": 44105975,
"EventTime": "2021-09-08T10:15:00.957313-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:15:01.230340-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636118Wqv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636118,
"ParentPID": 10486000,
"Thread": 47579203,
"EventTime": "2021-09-08T10:19:13.478383-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:19:13.590346-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10486008,
"ParentPID": 9371864,
"Thread": 46792889,
"EventTime": "2021-09-08T10:19:13.494220-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:19:13.591101-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636142Xav7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636142,
"ParentPID": 10486010,
"Thread": 47579227,
"EventTime": "2021-09-08T10:19:13.589225-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:19:13.899155-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371866,
"ParentPID": 6684890,
"Thread": 32833721,
"EventTime": "2021-09-08T10:20:00.967954-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:20:01.068319-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371866,
"ParentPID": 6684890,
"Thread": 32833721,
"EventTime": "2021-09-08T10:20:00.967954-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:20:01.069132-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 09:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371866,
"ParentPID": 6684890,
"Thread": 32833721,
"EventTime": "2021-09-08T10:20:00.967954-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:20:01.069881-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371866,
"ParentPID": 6684890,
"Thread": 32833721,
"EventTime": "2021-09-08T10:20:00.967954-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:20:01.070621-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371868,
"ParentPID": 6684890,
"Thread": 41287845,
"EventTime": "2021-09-08T10:25:00.977087-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:25:01.208597-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371868,
"ParentPID": 6684890,
"Thread": 41287845,
"EventTime": "2021-09-08T10:25:00.977087-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:25:01.209362-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 09:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371868,
"ParentPID": 6684890,
"Thread": 41287845,
"EventTime": "2021-09-08T10:25:00.979629-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:25:01.210117-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371868,
"ParentPID": 6684890,
"Thread": 41287845,
"EventTime": "2021-09-08T10:25:00.979629-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:25:01.210863-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371870,
"ParentPID": 6684890,
"Thread": 44433485,
"EventTime": "2021-09-08T10:30:00.986260-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:30:01.094055-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371870,
"ParentPID": 6684890,
"Thread": 44433485,
"EventTime": "2021-09-08T10:30:00.986260-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:30:01.094832-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 09:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371870,
"ParentPID": 6684890,
"Thread": 44433485,
"EventTime": "2021-09-08T10:30:00.986260-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:30:01.095588-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371870,
"ParentPID": 6684890,
"Thread": 44433485,
"EventTime": "2021-09-08T10:30:00.986260-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:30:01.096408-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10486012",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 5636144,
"ParentPID": 10486012,
"Thread": 34209873,
"EventTime": "2021-09-08T10:30:01.006341-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:30:01.096965-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T10:33:08.088831-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:33:08.287384-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636166Rav7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636166,
"ParentPID": 10485766,
"Thread": 43778261,
"EventTime": "2021-09-08T10:34:13.717340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:34:13.799534-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485774,
"ParentPID": 9371874,
"Thread": 38076643,
"EventTime": "2021-09-08T10:34:13.737397-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:34:13.800286-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636190RIv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636190,
"ParentPID": 10485776,
"Thread": 43778285,
"EventTime": "2021-09-08T10:34:13.832971-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:34:14.108176-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485778,
"ParentPID": 6684890,
"Thread": 45940845,
"EventTime": "2021-09-08T10:35:00.004336-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:35:00.076810-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485778,
"ParentPID": 6684890,
"Thread": 45940845,
"EventTime": "2021-09-08T10:35:00.004336-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:35:00.077620-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 09:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485778,
"ParentPID": 6684890,
"Thread": 45940845,
"EventTime": "2021-09-08T10:35:00.004336-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:35:00.078375-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485778,
"ParentPID": 6684890,
"Thread": 45940845,
"EventTime": "2021-09-08T10:35:00.004336-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:35:00.079114-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485780,
"ParentPID": 6684890,
"Thread": 33554461,
"EventTime": "2021-09-08T10:40:00.016340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:40:00.276640-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485780,
"ParentPID": 6684890,
"Thread": 33554461,
"EventTime": "2021-09-08T10:40:00.016340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:40:00.277450-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 09:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485780,
"ParentPID": 6684890,
"Thread": 33554461,
"EventTime": "2021-09-08T10:40:00.016340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:40:00.278200-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485780,
"ParentPID": 6684890,
"Thread": 33554461,
"EventTime": "2021-09-08T10:40:00.016340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:40:00.278962-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485782,
"ParentPID": 6684890,
"Thread": 36765817,
"EventTime": "2021-09-08T10:45:00.025561-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:45:00.126243-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485782,
"ParentPID": 6684890,
"Thread": 36765817,
"EventTime": "2021-09-08T10:45:00.025561-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:45:00.127061-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 09:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485782,
"ParentPID": 6684890,
"Thread": 36765817,
"EventTime": "2021-09-08T10:45:00.025561-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:45:00.127809-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485782,
"ParentPID": 6684890,
"Thread": 36765817,
"EventTime": "2021-09-08T10:45:00.025561-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:45:00.128553-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240726LI0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240726,
"ParentPID": 10747970,
"Thread": 44957887,
"EventTime": "2021-09-08T10:49:13.958829-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:49:14.078549-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10747978,
"ParentPID": 10485784,
"Thread": 32178351,
"EventTime": "2021-09-08T10:49:13.978836-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:49:14.082271-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240750M30qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240750,
"ParentPID": 10747980,
"Thread": 44957911,
"EventTime": "2021-09-08T10:49:14.078874-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:49:14.383132-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240752,
"ParentPID": 6684890,
"Thread": 37027979,
"EventTime": "2021-09-08T10:50:00.039434-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:50:00.065514-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240752,
"ParentPID": 6684890,
"Thread": 37027979,
"EventTime": "2021-09-08T10:50:00.039434-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:50:00.066216-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 09:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240752,
"ParentPID": 6684890,
"Thread": 37027979,
"EventTime": "2021-09-08T10:50:00.039434-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:50:00.066998-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240752,
"ParentPID": 6684890,
"Thread": 37027979,
"EventTime": "2021-09-08T10:50:00.039434-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:50:00.067724-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240754,
"ParentPID": 6684890,
"Thread": 45940879,
"EventTime": "2021-09-08T10:55:00.048241-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:55:00.319787-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240754,
"ParentPID": 6684890,
"Thread": 45940879,
"EventTime": "2021-09-08T10:55:00.048241-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:55:00.320588-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 09:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240754,
"ParentPID": 6684890,
"Thread": 45940879,
"EventTime": "2021-09-08T10:55:00.048241-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:55:00.321333-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240754,
"ParentPID": 6684890,
"Thread": 45940879,
"EventTime": "2021-09-08T10:55:00.048241-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T10:55:00.322066-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240756,
"ParentPID": 6684890,
"Thread": 35586235,
"EventTime": "2021-09-08T11:00:00.055340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:00:00.172610-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240756,
"ParentPID": 6684890,
"Thread": 35586235,
"EventTime": "2021-09-08T11:00:00.055340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:00:00.173432-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 10:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240756,
"ParentPID": 6684890,
"Thread": 35586235,
"EventTime": "2021-09-08T11:00:00.055340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:00:00.174192-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240756,
"ParentPID": 6684890,
"Thread": 35586235,
"EventTime": "2021-09-08T11:00:00.055340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:00:00.174932-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636226Gyv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636226,
"ParentPID": 9240768,
"Thread": 33947723,
"EventTime": "2021-09-08T11:04:14.206341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:04:14.389558-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240776,
"ParentPID": 11010136,
"Thread": 31653981,
"EventTime": "2021-09-08T11:04:14.218514-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:04:14.390365-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636250Hiv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636250,
"ParentPID": 9240778,
"Thread": 33947747,
"EventTime": "2021-09-08T11:04:14.318551-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:04:14.391085-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010138,
"ParentPID": 6684890,
"Thread": 31588435,
"EventTime": "2021-09-08T11:05:00.064331-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:05:00.076172-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010138,
"ParentPID": 6684890,
"Thread": 31588435,
"EventTime": "2021-09-08T11:05:00.064331-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:05:00.076974-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 10:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010138,
"ParentPID": 6684890,
"Thread": 31588435,
"EventTime": "2021-09-08T11:05:00.064331-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:05:00.077711-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010138,
"ParentPID": 6684890,
"Thread": 31588435,
"EventTime": "2021-09-08T11:05:00.064331-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:05:00.078435-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240782,
"ParentPID": 6684890,
"Thread": 48693325,
"EventTime": "2021-09-08T11:10:00.076090-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:10:00.292776-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240782,
"ParentPID": 6684890,
"Thread": 48693325,
"EventTime": "2021-09-08T11:10:00.076090-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:10:00.293532-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 10:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240782,
"ParentPID": 6684890,
"Thread": 48693325,
"EventTime": "2021-09-08T11:10:00.085341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:10:00.294280-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240782,
"ParentPID": 6684890,
"Thread": 48693325,
"EventTime": "2021-09-08T11:10:00.086093-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:10:00.295006-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240784,
"ParentPID": 6684890,
"Thread": 40698057,
"EventTime": "2021-09-08T11:15:00.094703-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:15:00.151663-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240784,
"ParentPID": 6684890,
"Thread": 40698057,
"EventTime": "2021-09-08T11:15:00.094703-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:15:00.152470-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 10:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240784,
"ParentPID": 6684890,
"Thread": 40698057,
"EventTime": "2021-09-08T11:15:00.095341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:15:00.153212-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240784,
"ParentPID": 6684890,
"Thread": 40698057,
"EventTime": "2021-09-08T11:15:00.097071-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:15:00.153949-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010748016BeFaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10748016,
"ParentPID": 11010150,
"Thread": 41418981,
"EventTime": "2021-09-08T11:19:14.446364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:19:14.661654-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11010158,
"ParentPID": 9240786,
"Thread": 39977049,
"EventTime": "2021-09-08T11:19:14.460440-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:19:14.662412-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010748040BQFaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10748040,
"ParentPID": 11010160,
"Thread": 41419005,
"EventTime": "2021-09-08T11:19:14.560478-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:19:14.663137-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010162,
"ParentPID": 6684890,
"Thread": 48693345,
"EventTime": "2021-09-08T11:20:00.097172-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:20:00.355263-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010162,
"ParentPID": 6684890,
"Thread": 48693345,
"EventTime": "2021-09-08T11:20:00.097172-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:20:00.356066-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 10:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010162,
"ParentPID": 6684890,
"Thread": 48693345,
"EventTime": "2021-09-08T11:20:00.104341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:20:00.356807-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010162,
"ParentPID": 6684890,
"Thread": 48693345,
"EventTime": "2021-09-08T11:20:00.104341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:20:00.357539-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010164,
"ParentPID": 6684890,
"Thread": 49414171,
"EventTime": "2021-09-08T11:25:00.106764-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:25:00.236855-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010164,
"ParentPID": 6684890,
"Thread": 49414171,
"EventTime": "2021-09-08T11:25:00.106764-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:25:00.237659-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 10:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010164,
"ParentPID": 6684890,
"Thread": 49414171,
"EventTime": "2021-09-08T11:25:00.114342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:25:00.238395-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010164,
"ParentPID": 6684890,
"Thread": 49414171,
"EventTime": "2021-09-08T11:25:00.114342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:25:00.239121-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11010166",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9240788,
"ParentPID": 11010166,
"Thread": 49152103,
"EventTime": "2021-09-08T11:25:00.136745-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:25:00.239650-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010168,
"ParentPID": 6684890,
"Thread": 48693365,
"EventTime": "2021-09-08T11:30:00.116569-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:30:00.413693-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010168,
"ParentPID": 6684890,
"Thread": 48693365,
"EventTime": "2021-09-08T11:30:00.116569-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:30:00.414682-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 10:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010168,
"ParentPID": 6684890,
"Thread": 48693365,
"EventTime": "2021-09-08T11:30:00.124340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:30:00.415489-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010168,
"ParentPID": 6684890,
"Thread": 48693365,
"EventTime": "2021-09-08T11:30:00.125645-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:30:00.416217-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T11:33:07.968353-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:33:08.219569-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00107480626MFaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10748062,
"ParentPID": 9240798,
"Thread": 40829109,
"EventTime": "2021-09-08T11:34:14.685341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:34:14.944412-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240806,
"ParentPID": 11010172,
"Thread": 46268615,
"EventTime": "2021-09-08T11:34:14.703116-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:34:14.945224-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC001074808677Faaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10748086,
"ParentPID": 9240808,
"Thread": 40829133,
"EventTime": "2021-09-08T11:34:14.795340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:34:14.946029-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010174,
"ParentPID": 6684890,
"Thread": 41418775,
"EventTime": "2021-09-08T11:35:00.127959-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:35:00.314201-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010174,
"ParentPID": 6684890,
"Thread": 41418775,
"EventTime": "2021-09-08T11:35:00.127959-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:35:00.315052-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 10:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010174,
"ParentPID": 6684890,
"Thread": 41418775,
"EventTime": "2021-09-08T11:35:00.134340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:35:00.315859-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010174,
"ParentPID": 6684890,
"Thread": 41418775,
"EventTime": "2021-09-08T11:35:00.134340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:35:00.316593-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010176,
"ParentPID": 6684890,
"Thread": 47382765,
"EventTime": "2021-09-08T11:40:00.138830-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:40:00.235191-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010176,
"ParentPID": 6684890,
"Thread": 47382765,
"EventTime": "2021-09-08T11:40:00.138830-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:40:00.236006-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 10:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010176,
"ParentPID": 6684890,
"Thread": 47382765,
"EventTime": "2021-09-08T11:40:00.144340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:40:00.236753-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010176,
"ParentPID": 6684890,
"Thread": 47382765,
"EventTime": "2021-09-08T11:40:00.144340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:40:00.237493-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010178,
"ParentPID": 6684890,
"Thread": 31260873,
"EventTime": "2021-09-08T11:45:00.152850-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:45:00.451192-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010178,
"ParentPID": 6684890,
"Thread": 31260873,
"EventTime": "2021-09-08T11:45:00.152850-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:45:00.451953-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 10:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010178,
"ParentPID": 6684890,
"Thread": 31260873,
"EventTime": "2021-09-08T11:45:00.154340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:45:00.452696-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010178,
"ParentPID": 6684890,
"Thread": 31260873,
"EventTime": "2021-09-08T11:45:00.154340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:45:00.453432-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC001074810813Faaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10748108,
"ParentPID": 9240818,
"Thread": 49086515,
"EventTime": "2021-09-08T11:49:14.925372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:49:14.932659-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240826,
"ParentPID": 11010180,
"Thread": 41418803,
"EventTime": "2021-09-08T11:49:14.941750-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:49:15.236174-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00107481322mFaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10748132,
"ParentPID": 9240828,
"Thread": 49086539,
"EventTime": "2021-09-08T11:49:15.035340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:49:15.236970-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010182,
"ParentPID": 6684890,
"Thread": 35717227,
"EventTime": "2021-09-08T11:50:00.159546-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:50:00.335799-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010182,
"ParentPID": 6684890,
"Thread": 35717227,
"EventTime": "2021-09-08T11:50:00.159546-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:50:00.336599-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 10:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010182,
"ParentPID": 6684890,
"Thread": 35717227,
"EventTime": "2021-09-08T11:50:00.163340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:50:00.337335-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010182,
"ParentPID": 6684890,
"Thread": 35717227,
"EventTime": "2021-09-08T11:50:00.164446-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:50:00.338065-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010184,
"ParentPID": 6684890,
"Thread": 38862853,
"EventTime": "2021-09-08T11:55:00.164484-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:55:00.215411-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010184,
"ParentPID": 6684890,
"Thread": 38862853,
"EventTime": "2021-09-08T11:55:00.164484-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:55:00.216224-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 10:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010184,
"ParentPID": 6684890,
"Thread": 38862853,
"EventTime": "2021-09-08T11:55:00.164484-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:55:00.216959-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010184,
"ParentPID": 6684890,
"Thread": 38862853,
"EventTime": "2021-09-08T11:55:00.174487-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T11:55:00.217693-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240830,
"ParentPID": 6684890,
"Thread": 48955521,
"EventTime": "2021-09-08T12:00:00.186749-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:00:00.433623-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240830,
"ParentPID": 6684890,
"Thread": 48955521,
"EventTime": "2021-09-08T12:00:00.186749-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:00:00.434452-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 11:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240830,
"ParentPID": 6684890,
"Thread": 48955521,
"EventTime": "2021-09-08T12:00:00.186749-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:00:00.435204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240830,
"ParentPID": 6684890,
"Thread": 48955521,
"EventTime": "2021-09-08T12:00:00.186749-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:00:00.435931-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010186,
"ParentPID": 6684890,
"Thread": 23658741,
"EventTime": "2021-09-08T12:00:00.193340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:00:00.436644-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010186,
"ParentPID": 6684890,
"Thread": 23658741,
"EventTime": "2021-09-08T12:00:00.193340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:00:00.437355-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/bin/errclear -d S,O 30 time = Wed Aug 18 11:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010186,
"ParentPID": 6684890,
"Thread": 23658741,
"EventTime": "2021-09-08T12:00:00.193340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:00:00.438079-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010186,
"ParentPID": 6684890,
"Thread": 23658741,
"EventTime": "2021-09-08T12:00:00.193340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:00:00.438788-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010748154viFaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10748154,
"ParentPID": 9240584,
"Thread": 47185939,
"EventTime": "2021-09-08T12:04:15.161618-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:04:15.222501-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240592,
"ParentPID": 11010194,
"Thread": 36700175,
"EventTime": "2021-09-08T12:04:15.174340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:04:15.223262-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223814vUDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223814,
"ParentPID": 5636310,
"Thread": 49217661,
"EventTime": "2021-09-08T12:04:15.274340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:04:15.525189-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010196,
"ParentPID": 6684890,
"Thread": 45744215,
"EventTime": "2021-09-08T12:05:00.218988-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:05:00.300054-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010196,
"ParentPID": 6684890,
"Thread": 45744215,
"EventTime": "2021-09-08T12:05:00.218988-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:05:00.300864-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 11:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010196,
"ParentPID": 6684890,
"Thread": 45744215,
"EventTime": "2021-09-08T12:05:00.218988-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:05:00.301614-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010196,
"ParentPID": 6684890,
"Thread": 45744215,
"EventTime": "2021-09-08T12:05:00.223340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:05:00.302344-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223818,
"ParentPID": 6684890,
"Thread": 28770497,
"EventTime": "2021-09-08T12:10:00.229918-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:10:00.481084-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223818,
"ParentPID": 6684890,
"Thread": 28770497,
"EventTime": "2021-09-08T12:10:00.229918-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:10:00.481850-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 11:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223818,
"ParentPID": 6684890,
"Thread": 28770497,
"EventTime": "2021-09-08T12:10:00.229918-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:10:00.482611-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223818,
"ParentPID": 6684890,
"Thread": 28770497,
"EventTime": "2021-09-08T12:10:00.229918-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:10:00.483355-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223820,
"ParentPID": 6684890,
"Thread": 32309393,
"EventTime": "2021-09-08T12:15:00.236677-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:15:00.318948-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223820,
"ParentPID": 6684890,
"Thread": 32309393,
"EventTime": "2021-09-08T12:15:00.236677-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:15:00.319785-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 11:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223820,
"ParentPID": 6684890,
"Thread": 32309393,
"EventTime": "2021-09-08T12:15:00.243757-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:15:00.320537-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223820,
"ParentPID": 6684890,
"Thread": 32309393,
"EventTime": "2021-09-08T12:15:00.243757-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:15:00.321267-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11010200",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9044086,
"ParentPID": 11010200,
"Thread": 22675613,
"EventTime": "2021-09-08T12:15:00.259222-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:15:00.321803-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044108pQ97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044108,
"ParentPID": 11010210,
"Thread": 28770531,
"EventTime": "2021-09-08T12:19:15.404364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:19:15.452198-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11010218,
"ParentPID": 10223822,
"Thread": 33095911,
"EventTime": "2021-09-08T12:19:15.422222-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:19:15.452966-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044132qA97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044132,
"ParentPID": 11010220,
"Thread": 28770555,
"EventTime": "2021-09-08T12:19:15.514341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:19:15.755215-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010222,
"ParentPID": 6684890,
"Thread": 41091253,
"EventTime": "2021-09-08T12:20:00.256092-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:20:00.534447-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010222,
"ParentPID": 6684890,
"Thread": 41091253,
"EventTime": "2021-09-08T12:20:00.256092-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:20:00.535264-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 11:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010222,
"ParentPID": 6684890,
"Thread": 41091253,
"EventTime": "2021-09-08T12:20:00.266096-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:20:00.536012-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010222,
"ParentPID": 6684890,
"Thread": 41091253,
"EventTime": "2021-09-08T12:20:00.266096-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:20:00.536748-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010224,
"ParentPID": 6684890,
"Thread": 28901455,
"EventTime": "2021-09-08T12:25:00.267669-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:25:00.449089-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010224,
"ParentPID": 6684890,
"Thread": 28901455,
"EventTime": "2021-09-08T12:25:00.267669-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:25:00.449853-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 11:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010224,
"ParentPID": 6684890,
"Thread": 28901455,
"EventTime": "2021-09-08T12:25:00.267669-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:25:00.450600-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010224,
"ParentPID": 6684890,
"Thread": 28901455,
"EventTime": "2021-09-08T12:25:00.267669-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:25:00.451327-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010226,
"ParentPID": 6684890,
"Thread": 42664183,
"EventTime": "2021-09-08T12:30:00.282340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:30:00.331231-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010226,
"ParentPID": 6684890,
"Thread": 42664183,
"EventTime": "2021-09-08T12:30:00.282340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:30:00.331988-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 11:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010226,
"ParentPID": 6684890,
"Thread": 42664183,
"EventTime": "2021-09-08T12:30:00.282340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:30:00.332779-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010226,
"ParentPID": 6684890,
"Thread": 42664183,
"EventTime": "2021-09-08T12:30:00.282340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:30:00.333560-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T12:33:07.846340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:33:07.857787-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830408kAB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830408,
"ParentPID": 11468806,
"Thread": 29884605,
"EventTime": "2021-09-08T12:34:15.644341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:34:15.785225-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468814,
"ParentPID": 11010230,
"Thread": 40042579,
"EventTime": "2021-09-08T12:34:15.659696-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:34:15.786041-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010747926lmFaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10747926,
"ParentPID": 11468816,
"Thread": 50135075,
"EventTime": "2021-09-08T12:34:15.754371-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:34:15.786770-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468818,
"ParentPID": 6684890,
"Thread": 22282253,
"EventTime": "2021-09-08T12:35:00.292340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:35:00.567783-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468818,
"ParentPID": 6684890,
"Thread": 22282253,
"EventTime": "2021-09-08T12:35:00.292340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:35:00.568590-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 11:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468818,
"ParentPID": 6684890,
"Thread": 22282253,
"EventTime": "2021-09-08T12:35:00.292340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:35:00.569332-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468818,
"ParentPID": 6684890,
"Thread": 22282253,
"EventTime": "2021-09-08T12:35:00.292340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:35:00.570057-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468820,
"ParentPID": 6684890,
"Thread": 39977077,
"EventTime": "2021-09-08T12:40:00.302769-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:40:00.489812-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468820,
"ParentPID": 6684890,
"Thread": 39977077,
"EventTime": "2021-09-08T12:40:00.302769-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:40:00.490630-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 11:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468820,
"ParentPID": 6684890,
"Thread": 39977077,
"EventTime": "2021-09-08T12:40:00.302769-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:40:00.491376-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468820,
"ParentPID": 6684890,
"Thread": 39977077,
"EventTime": "2021-09-08T12:40:00.302769-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:40:00.492100-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468822,
"ParentPID": 6684890,
"Thread": 28901489,
"EventTime": "2021-09-08T12:45:00.305875-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:45:00.419330-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468822,
"ParentPID": 6684890,
"Thread": 28901489,
"EventTime": "2021-09-08T12:45:00.305875-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:45:00.420134-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 11:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468822,
"ParentPID": 6684890,
"Thread": 28901489,
"EventTime": "2021-09-08T12:45:00.305875-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:45:00.420875-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468822,
"ParentPID": 6684890,
"Thread": 28901489,
"EventTime": "2021-09-08T12:45:00.315878-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:45:00.421605-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371738fm0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371738,
"ParentPID": 9437296,
"Thread": 40435967,
"EventTime": "2021-09-08T12:49:15.873948-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:49:16.114145-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9437304,
"ParentPID": 11468824,
"Thread": 31195229,
"EventTime": "2021-09-08T12:49:15.893953-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:49:16.114919-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371762fU0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371762,
"ParentPID": 9437306,
"Thread": 40435735,
"EventTime": "2021-09-08T12:49:15.993347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:49:16.115608-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468826,
"ParentPID": 6684890,
"Thread": 50331797,
"EventTime": "2021-09-08T12:50:00.322342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:50:00.597313-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468826,
"ParentPID": 6684890,
"Thread": 50331797,
"EventTime": "2021-09-08T12:50:00.322342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:50:00.598013-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 11:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468826,
"ParentPID": 6684890,
"Thread": 50331797,
"EventTime": "2021-09-08T12:50:00.324929-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:50:00.598742-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468826,
"ParentPID": 6684890,
"Thread": 50331797,
"EventTime": "2021-09-08T12:50:00.324929-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:50:00.599477-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468828,
"ParentPID": 6684890,
"Thread": 49414221,
"EventTime": "2021-09-08T12:55:00.331341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:55:00.499138-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468828,
"ParentPID": 6684890,
"Thread": 49414221,
"EventTime": "2021-09-08T12:55:00.331341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:55:00.499899-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 11:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468828,
"ParentPID": 6684890,
"Thread": 49414221,
"EventTime": "2021-09-08T12:55:00.333674-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:55:00.500645-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468828,
"ParentPID": 6684890,
"Thread": 49414221,
"EventTime": "2021-09-08T12:55:00.333674-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T12:55:00.501438-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468830,
"ParentPID": 6684890,
"Thread": 50331817,
"EventTime": "2021-09-08T13:00:00.344630-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:00:00.396294-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468830,
"ParentPID": 6684890,
"Thread": 50331817,
"EventTime": "2021-09-08T13:00:00.344630-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:00:00.397057-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/bin/errclear -d H 90 time = Wed Aug 18 12:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468830,
"ParentPID": 6684890,
"Thread": 50331817,
"EventTime": "2021-09-08T13:00:00.344630-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:00:00.397812-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468830,
"ParentPID": 6684890,
"Thread": 50331817,
"EventTime": "2021-09-08T13:00:00.344630-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:00:00.398554-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437308,
"ParentPID": 6684890,
"Thread": 36634847,
"EventTime": "2021-09-08T13:00:00.354633-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:00:00.399282-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437308,
"ParentPID": 6684890,
"Thread": 36634847,
"EventTime": "2021-09-08T13:00:00.354633-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:00:00.400006-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 12:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9437308,
"ParentPID": 6684890,
"Thread": 36634847,
"EventTime": "2021-09-08T13:00:00.356922-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:00:00.400738-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9437308,
"ParentPID": 6684890,
"Thread": 36634847,
"EventTime": "2021-09-08T13:00:00.356922-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:00:00.401504-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371784-U0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371784,
"ParentPID": 11468842,
"Thread": 27656315,
"EventTime": "2021-09-08T13:04:16.112340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:04:16.173112-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468850,
"ParentPID": 9437314,
"Thread": 36634869,
"EventTime": "2021-09-08T13:04:16.132340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:04:16.173925-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.08192090",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9240608,
"ParentPID": 8192090,
"Thread": 31260909,
"EventTime": "2021-09-08T13:04:16.152340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:04:16.174481-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010280aAGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010280,
"ParentPID": 5636104,
"Thread": 41091303,
"EventTime": "2021-09-08T13:04:16.232341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:04:16.477689-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437316,
"ParentPID": 6684890,
"Thread": 42139779,
"EventTime": "2021-09-08T13:05:00.383547-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:05:00.659176-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437316,
"ParentPID": 6684890,
"Thread": 42139779,
"EventTime": "2021-09-08T13:05:00.383547-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:05:00.659938-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 12:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9437316,
"ParentPID": 6684890,
"Thread": 42139779,
"EventTime": "2021-09-08T13:05:00.383547-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:05:00.660682-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9437316,
"ParentPID": 6684890,
"Thread": 42139779,
"EventTime": "2021-09-08T13:05:00.383547-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:05:00.661452-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010284,
"ParentPID": 6684890,
"Thread": 49479763,
"EventTime": "2021-09-08T13:10:00.390341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:10:00.564768-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010284,
"ParentPID": 6684890,
"Thread": 49479763,
"EventTime": "2021-09-08T13:10:00.390341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:10:00.565589-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 12:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010284,
"ParentPID": 6684890,
"Thread": 49479763,
"EventTime": "2021-09-08T13:10:00.393406-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:10:00.566336-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010284,
"ParentPID": 6684890,
"Thread": 49479763,
"EventTime": "2021-09-08T13:10:00.393406-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:10:00.567060-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010286,
"ParentPID": 6684890,
"Thread": 41943151,
"EventTime": "2021-09-08T13:15:00.400340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:15:00.496366-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010286,
"ParentPID": 6684890,
"Thread": 41943151,
"EventTime": "2021-09-08T13:15:00.400340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:15:00.497183-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 12:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010286,
"ParentPID": 6684890,
"Thread": 41943151,
"EventTime": "2021-09-08T13:15:00.400340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:15:00.497928-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010286,
"ParentPID": 6684890,
"Thread": 41943151,
"EventTime": "2021-09-08T13:15:00.400340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:15:00.498658-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289340WADqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289340,
"ParentPID": 9437328,
"Thread": 34799629,
"EventTime": "2021-09-08T13:19:16.354076-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:19:16.490154-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9437336,
"ParentPID": 11010288,
"Thread": 45940925,
"EventTime": "2021-09-08T13:19:16.374084-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:19:16.490910-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289364XqDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289364,
"ParentPID": 9437338,
"Thread": 34799653,
"EventTime": "2021-09-08T13:19:16.472341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:19:16.491637-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437340,
"ParentPID": 6684890,
"Thread": 43385019,
"EventTime": "2021-09-08T13:20:00.411658-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:20:00.686108-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437340,
"ParentPID": 6684890,
"Thread": 43385019,
"EventTime": "2021-09-08T13:20:00.411658-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:20:00.686912-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 12:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9437340,
"ParentPID": 6684890,
"Thread": 43385019,
"EventTime": "2021-09-08T13:20:00.413475-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:20:00.687654-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9437340,
"ParentPID": 6684890,
"Thread": 43385019,
"EventTime": "2021-09-08T13:20:00.414481-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:20:00.688381-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437342,
"ParentPID": 6684890,
"Thread": 34996333,
"EventTime": "2021-09-08T13:25:00.420340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:25:00.678165-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437342,
"ParentPID": 6684890,
"Thread": 34996333,
"EventTime": "2021-09-08T13:25:00.420340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:25:00.678928-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 12:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9437342,
"ParentPID": 6684890,
"Thread": 34996333,
"EventTime": "2021-09-08T13:25:00.420340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:25:00.679677-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9437342,
"ParentPID": 6684890,
"Thread": 34996333,
"EventTime": "2021-09-08T13:25:00.420340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:25:00.680440-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437344,
"ParentPID": 6684890,
"Thread": 46792907,
"EventTime": "2021-09-08T13:30:00.429468-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:30:00.545511-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437344,
"ParentPID": 6684890,
"Thread": 46792907,
"EventTime": "2021-09-08T13:30:00.429468-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:30:00.546338-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 12:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9437344,
"ParentPID": 6684890,
"Thread": 46792907,
"EventTime": "2021-09-08T13:30:00.429468-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:30:00.547092-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9437344,
"ParentPID": 6684890,
"Thread": 46792907,
"EventTime": "2021-09-08T13:30:00.429468-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:30:00.547833-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T13:33:07.723339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:33:07.751578-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636148Rqv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636148,
"ParentPID": 10289374,
"Thread": 44695575,
"EventTime": "2021-09-08T13:34:16.591341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:34:16.900465-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10289382,
"ParentPID": 9437348,
"Thread": 29360161,
"EventTime": "2021-09-08T13:34:16.619015-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:34:16.901276-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636170RYv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636170,
"ParentPID": 9371790,
"Thread": 44695597,
"EventTime": "2021-09-08T13:34:16.701340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:34:16.902046-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371792,
"ParentPID": 6684890,
"Thread": 43974895,
"EventTime": "2021-09-08T13:35:00.440446-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:35:00.749446-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371792,
"ParentPID": 6684890,
"Thread": 43974895,
"EventTime": "2021-09-08T13:35:00.440446-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:35:00.750217-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 12:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371792,
"ParentPID": 6684890,
"Thread": 43974895,
"EventTime": "2021-09-08T13:35:00.440446-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:35:00.751019-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371792,
"ParentPID": 6684890,
"Thread": 43974895,
"EventTime": "2021-09-08T13:35:00.440446-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:35:00.751752-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 29884621,
"EventTime": "2021-09-08T13:40:00.449340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:40:00.658049-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 29884621,
"EventTime": "2021-09-08T13:40:00.449340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:40:00.658867-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 12:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 29884621,
"EventTime": "2021-09-08T13:40:00.449340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:40:00.659649-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 29884621,
"EventTime": "2021-09-08T13:40:00.449340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:40:00.660434-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371796,
"ParentPID": 6684890,
"Thread": 22282293,
"EventTime": "2021-09-08T13:45:00.455235-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:45:00.566434-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371796,
"ParentPID": 6684890,
"Thread": 22282293,
"EventTime": "2021-09-08T13:45:00.455235-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:45:00.567240-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 12:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371796,
"ParentPID": 6684890,
"Thread": 22282293,
"EventTime": "2021-09-08T13:45:00.455235-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:45:00.567990-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371796,
"ParentPID": 6684890,
"Thread": 22282293,
"EventTime": "2021-09-08T13:45:00.455235-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:45:00.568734-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830494LUB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830494,
"ParentPID": 10747980,
"Thread": 42467351,
"EventTime": "2021-09-08T13:49:16.829581-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:49:16.882565-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10747988,
"ParentPID": 9371798,
"Thread": 41943201,
"EventTime": "2021-09-08T13:49:16.841340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:49:16.883388-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009830518MEB7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9830518,
"ParentPID": 10747990,
"Thread": 42467375,
"EventTime": "2021-09-08T13:49:16.941340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:49:17.184276-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371800,
"ParentPID": 6684890,
"Thread": 49086561,
"EventTime": "2021-09-08T13:50:00.467619-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:50:00.757447-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371800,
"ParentPID": 6684890,
"Thread": 49086561,
"EventTime": "2021-09-08T13:50:00.467619-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:50:00.758255-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 12:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371800,
"ParentPID": 6684890,
"Thread": 49086561,
"EventTime": "2021-09-08T13:50:00.467619-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:50:00.759006-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371800,
"ParentPID": 6684890,
"Thread": 49086561,
"EventTime": "2021-09-08T13:50:00.467619-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:50:00.759744-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371802,
"ParentPID": 6684890,
"Thread": 36700229,
"EventTime": "2021-09-08T13:55:00.479340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:55:00.619853-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371802,
"ParentPID": 6684890,
"Thread": 36700229,
"EventTime": "2021-09-08T13:55:00.479340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:55:00.620669-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 12:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371802,
"ParentPID": 6684890,
"Thread": 36700229,
"EventTime": "2021-09-08T13:55:00.479340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:55:00.621410-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371802,
"ParentPID": 6684890,
"Thread": 36700229,
"EventTime": "2021-09-08T13:55:00.479340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:55:00.622140-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09830520",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8192112,
"ParentPID": 9830520,
"Thread": 50200637,
"EventTime": "2021-09-08T13:55:00.500349-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T13:55:00.622677-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 33947805,
"EventTime": "2021-09-08T14:00:00.501168-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:00:00.772846-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 33947805,
"EventTime": "2021-09-08T14:00:00.501168-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:00:00.773613-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 13:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 33947805,
"EventTime": "2021-09-08T14:00:00.501168-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:00:00.774376-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 33947805,
"EventTime": "2021-09-08T14:00:00.501168-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:00:00.775109-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192134GA6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192134,
"ParentPID": 9371816,
"Thread": 44433551,
"EventTime": "2021-09-08T14:04:17.060728-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:04:17.111633-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371824,
"ParentPID": 9830526,
"Thread": 50200661,
"EventTime": "2021-09-08T14:04:17.080733-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:04:17.112399-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192158Hu6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192158,
"ParentPID": 9371826,
"Thread": 44433575,
"EventTime": "2021-09-08T14:04:17.180767-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:04:17.421167-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371828,
"ParentPID": 6684890,
"Thread": 37028049,
"EventTime": "2021-09-08T14:05:00.509340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:05:00.699229-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371828,
"ParentPID": 6684890,
"Thread": 37028049,
"EventTime": "2021-09-08T14:05:00.509340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:05:00.700042-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 13:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371828,
"ParentPID": 6684890,
"Thread": 37028049,
"EventTime": "2021-09-08T14:05:00.509340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:05:00.700839-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371828,
"ParentPID": 6684890,
"Thread": 37028049,
"EventTime": "2021-09-08T14:05:00.509340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:05:00.701578-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371830,
"ParentPID": 5439688,
"Thread": 37028051,
"EventTime": "2021-09-08T14:05:36.827758-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:05:37.069321-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371832,
"ParentPID": 5439688,
"Thread": 37028053,
"EventTime": "2021-09-08T14:05:37.890633-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:05:37.974099-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371834,
"ParentPID": 5439688,
"Thread": 37028055,
"EventTime": "2021-09-08T14:05:38.164892-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:05:38.281067-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371836,
"ParentPID": 5439688,
"Thread": 37028057,
"EventTime": "2021-09-08T14:05:38.291628-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:05:38.583170-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371838,
"ParentPID": 5439688,
"Thread": 37028059,
"EventTime": "2021-09-08T14:05:38.562217-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:05:38.583940-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371840,
"ParentPID": 5439688,
"Thread": 37028061,
"EventTime": "2021-09-08T14:05:38.832887-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:05:38.888181-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371842,
"ParentPID": 5439688,
"Thread": 37028063,
"EventTime": "2021-09-08T14:05:39.103593-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:05:39.194634-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371844,
"ParentPID": 5439688,
"Thread": 37028065,
"EventTime": "2021-09-08T14:05:39.364271-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:05:39.498164-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371846,
"ParentPID": 5439688,
"Thread": 37028067,
"EventTime": "2021-09-08T14:05:39.624945-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:05:39.799735-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371848,
"ParentPID": 5439688,
"Thread": 37028069,
"EventTime": "2021-09-08T14:05:39.877340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:05:40.107081-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371850,
"ParentPID": 6684890,
"Thread": 44499127,
"EventTime": "2021-09-08T14:10:00.522056-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:10:00.617655-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371850,
"ParentPID": 6684890,
"Thread": 44499127,
"EventTime": "2021-09-08T14:10:00.522056-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:10:00.618460-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 13:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371850,
"ParentPID": 6684890,
"Thread": 44499127,
"EventTime": "2021-09-08T14:10:00.522056-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:10:00.619205-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371850,
"ParentPID": 6684890,
"Thread": 44499127,
"EventTime": "2021-09-08T14:10:00.526529-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:10:00.619952-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830530,
"ParentPID": 6684890,
"Thread": 39583821,
"EventTime": "2021-09-08T14:15:00.528340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:15:00.771353-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830530,
"ParentPID": 6684890,
"Thread": 39583821,
"EventTime": "2021-09-08T14:15:00.528340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:15:00.772162-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 13:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830530,
"ParentPID": 6684890,
"Thread": 39583821,
"EventTime": "2021-09-08T14:15:00.528340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:15:00.772906-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830530,
"ParentPID": 6684890,
"Thread": 39583821,
"EventTime": "2021-09-08T14:15:00.528340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:15:00.773637-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192180Bq6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192180,
"ParentPID": 9371862,
"Thread": 46530637,
"EventTime": "2021-09-08T14:19:17.310351-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:19:17.401206-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371870,
"ParentPID": 9830532,
"Thread": 33554513,
"EventTime": "2021-09-08T14:19:17.323107-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:19:17.402009-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192204Ca6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192204,
"ParentPID": 9371872,
"Thread": 46530661,
"EventTime": "2021-09-08T14:19:17.423140-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:19:17.704783-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830534,
"ParentPID": 6684890,
"Thread": 35717259,
"EventTime": "2021-09-08T14:20:00.540183-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:20:00.680321-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830534,
"ParentPID": 6684890,
"Thread": 35717259,
"EventTime": "2021-09-08T14:20:00.540183-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:20:00.681140-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 13:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830534,
"ParentPID": 6684890,
"Thread": 35717259,
"EventTime": "2021-09-08T14:20:00.540183-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:20:00.681888-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830534,
"ParentPID": 6684890,
"Thread": 35717259,
"EventTime": "2021-09-08T14:20:00.540183-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:20:00.682625-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830536,
"ParentPID": 6684890,
"Thread": 29491225,
"EventTime": "2021-09-08T14:25:00.548341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:25:00.566252-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830536,
"ParentPID": 6684890,
"Thread": 29491225,
"EventTime": "2021-09-08T14:25:00.548341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:25:00.567012-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 13:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830536,
"ParentPID": 6684890,
"Thread": 29491225,
"EventTime": "2021-09-08T14:25:00.554600-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:25:00.567763-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830536,
"ParentPID": 6684890,
"Thread": 29491225,
"EventTime": "2021-09-08T14:25:00.554600-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:25:00.568582-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830538,
"ParentPID": 6684890,
"Thread": 47513661,
"EventTime": "2021-09-08T14:30:00.562847-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:30:00.696788-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830538,
"ParentPID": 6684890,
"Thread": 47513661,
"EventTime": "2021-09-08T14:30:00.562847-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:30:00.697583-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 13:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830538,
"ParentPID": 6684890,
"Thread": 47513661,
"EventTime": "2021-09-08T14:30:00.562847-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:30:00.698337-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830538,
"ParentPID": 6684890,
"Thread": 47513661,
"EventTime": "2021-09-08T14:30:00.562847-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:30:00.699089-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830540,
"ParentPID": 5439688,
"Thread": 49610945,
"EventTime": "2021-09-08T14:31:54.194899-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:54.263237-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371874.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371874,
"ParentPID": 9830540,
"Thread": 36896837,
"EventTime": "2021-09-08T14:31:54.325235-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:54.565198-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371874",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11010110,
"ParentPID": 9371874,
"Thread": 33554535,
"EventTime": "2021-09-08T14:31:54.365278-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:54.566025-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11010110,
"ParentPID": 9371874,
"Thread": 33554535,
"EventTime": "2021-09-08T14:31:54.365278-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:54.566763-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010114aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010114,
"ParentPID": 9371874,
"Thread": 33554539,
"EventTime": "2021-09-08T14:31:54.375281-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:54.567495-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010114aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010114,
"ParentPID": 9371874,
"Thread": 33554539,
"EventTime": "2021-09-08T14:31:54.375281-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:54.568216-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010114aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010114,
"ParentPID": 9371874,
"Thread": 33554539,
"EventTime": "2021-09-08T14:31:54.385284-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:54.568932-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371874/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11010120,
"ParentPID": 9371874,
"Thread": 33554545,
"EventTime": "2021-09-08T14:31:54.395322-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:54.569639-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371874",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11010122,
"ParentPID": 9371874,
"Thread": 33554547,
"EventTime": "2021-09-08T14:31:54.395322-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:54.570357-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371876,
"ParentPID": 9830540,
"Thread": 36896839,
"EventTime": "2021-09-08T14:31:54.395322-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:54.571079-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371876,
"ParentPID": 9830540,
"Thread": 36896839,
"EventTime": "2021-09-08T14:31:54.395322-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:54.571782-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830542,
"ParentPID": 5439688,
"Thread": 49610947,
"EventTime": "2021-09-08T14:31:54.796364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:54.875181-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371878.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371878,
"ParentPID": 9830542,
"Thread": 36896841,
"EventTime": "2021-09-08T14:31:54.926699-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:55.178117-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10748034",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10551328,
"ParentPID": 10748034,
"Thread": 50266153,
"EventTime": "2021-09-08T14:31:54.946704-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:55.178755-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371878",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11010138,
"ParentPID": 9371878,
"Thread": 33554563,
"EventTime": "2021-09-08T14:31:54.966710-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:55.179492-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11010138,
"ParentPID": 9371878,
"Thread": 33554563,
"EventTime": "2021-09-08T14:31:54.976713-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:55.180230-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010142aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010142,
"ParentPID": 9371878,
"Thread": 33554567,
"EventTime": "2021-09-08T14:31:54.986718-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:55.180945-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010142aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010142,
"ParentPID": 9371878,
"Thread": 33554567,
"EventTime": "2021-09-08T14:31:54.986718-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:55.181655-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010142aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010142,
"ParentPID": 9371878,
"Thread": 33554567,
"EventTime": "2021-09-08T14:31:54.994340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:55.182383-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371878/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11010148,
"ParentPID": 9371878,
"Thread": 33554573,
"EventTime": "2021-09-08T14:31:55.004345-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:55.183084-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371878",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11010150,
"ParentPID": 9371878,
"Thread": 33554575,
"EventTime": "2021-09-08T14:31:55.006725-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:55.183793-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371880,
"ParentPID": 9830542,
"Thread": 36896843,
"EventTime": "2021-09-08T14:31:55.011391-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:55.184536-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371880,
"ParentPID": 9830542,
"Thread": 36896843,
"EventTime": "2021-09-08T14:31:55.011391-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:55.185256-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830544,
"ParentPID": 5439688,
"Thread": 49610949,
"EventTime": "2021-09-08T14:31:56.124340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:56.391135-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371882.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371882,
"ParentPID": 9830544,
"Thread": 34209951,
"EventTime": "2021-09-08T14:31:56.254340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:56.391907-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371882",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11010166,
"ParentPID": 9371882,
"Thread": 33554591,
"EventTime": "2021-09-08T14:31:56.284340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:56.392648-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11010166,
"ParentPID": 9371882,
"Thread": 33554591,
"EventTime": "2021-09-08T14:31:56.294367-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:56.393372-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010170aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010170,
"ParentPID": 9371882,
"Thread": 33554595,
"EventTime": "2021-09-08T14:31:56.300014-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:56.394088-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010170aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010170,
"ParentPID": 9371882,
"Thread": 33554595,
"EventTime": "2021-09-08T14:31:56.304395-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:56.394844-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010170aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010170,
"ParentPID": 9371882,
"Thread": 33554595,
"EventTime": "2021-09-08T14:31:56.304395-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:56.395600-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371882/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11010176,
"ParentPID": 9371882,
"Thread": 33554601,
"EventTime": "2021-09-08T14:31:56.314357-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:56.396311-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371882",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11010178,
"ParentPID": 9371882,
"Thread": 33554603,
"EventTime": "2021-09-08T14:31:56.320021-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:56.397018-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371884,
"ParentPID": 9830544,
"Thread": 34209953,
"EventTime": "2021-09-08T14:31:56.320021-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:56.397717-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371884,
"ParentPID": 9830544,
"Thread": 34209953,
"EventTime": "2021-09-08T14:31:56.320021-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:31:56.398411-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830546,
"ParentPID": 5439688,
"Thread": 47513669,
"EventTime": "2021-09-08T14:32:07.864340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:08.124276-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830548,
"ParentPID": 5439688,
"Thread": 47513671,
"EventTime": "2021-09-08T14:32:09.247559-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:09.335298-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830550,
"ParentPID": 5439688,
"Thread": 47513673,
"EventTime": "2021-09-08T14:32:10.627944-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:10.849402-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830552,
"ParentPID": 5439688,
"Thread": 47513675,
"EventTime": "2021-09-08T14:32:12.013340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:12.062796-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371886.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371886,
"ParentPID": 9830552,
"Thread": 34209955,
"EventTime": "2021-09-08T14:32:12.143340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:12.364195-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371886",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11010194,
"ParentPID": 9371886,
"Thread": 33554619,
"EventTime": "2021-09-08T14:32:12.175372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:12.365006-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11010194,
"ParentPID": 9371886,
"Thread": 33554619,
"EventTime": "2021-09-08T14:32:12.183340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:12.365735-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010198aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010198,
"ParentPID": 9371886,
"Thread": 33554623,
"EventTime": "2021-09-08T14:32:12.193341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:12.366448-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010198aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010198,
"ParentPID": 9371886,
"Thread": 33554623,
"EventTime": "2021-09-08T14:32:12.193341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:12.367154-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010198aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010198,
"ParentPID": 9371886,
"Thread": 33554623,
"EventTime": "2021-09-08T14:32:12.193341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:12.367862-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371886/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11010200,
"ParentPID": 9371886,
"Thread": 33554625,
"EventTime": "2021-09-08T14:32:12.203340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:12.368563-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371886",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11010202,
"ParentPID": 9371886,
"Thread": 33554627,
"EventTime": "2021-09-08T14:32:12.212166-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:12.369264-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371888,
"ParentPID": 9830552,
"Thread": 34209957,
"EventTime": "2021-09-08T14:32:12.213341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:12.369974-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371888,
"ParentPID": 9830552,
"Thread": 34209957,
"EventTime": "2021-09-08T14:32:12.213341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:12.370671-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830554,
"ParentPID": 5439688,
"Thread": 47513677,
"EventTime": "2021-09-08T14:32:13.485552-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:13.576660-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371890.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371890,
"ParentPID": 9830554,
"Thread": 34209959,
"EventTime": "2021-09-08T14:32:13.615879-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:13.880448-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371890",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11010218,
"ParentPID": 9371890,
"Thread": 33554643,
"EventTime": "2021-09-08T14:32:13.645889-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:13.881265-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11010218,
"ParentPID": 9371890,
"Thread": 33554643,
"EventTime": "2021-09-08T14:32:13.655892-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:13.881999-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010222aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010222,
"ParentPID": 9371890,
"Thread": 33554647,
"EventTime": "2021-09-08T14:32:13.665896-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:13.882733-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010222aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010222,
"ParentPID": 9371890,
"Thread": 33554647,
"EventTime": "2021-09-08T14:32:13.665896-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:13.883670-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010222aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010222,
"ParentPID": 9371890,
"Thread": 33554647,
"EventTime": "2021-09-08T14:32:13.672082-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:13.884439-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371890/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11010228,
"ParentPID": 9371890,
"Thread": 33554653,
"EventTime": "2021-09-08T14:32:13.679466-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:13.885176-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371890",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11010230,
"ParentPID": 9371890,
"Thread": 33554655,
"EventTime": "2021-09-08T14:32:13.685934-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:13.885887-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371892,
"ParentPID": 9830554,
"Thread": 34209961,
"EventTime": "2021-09-08T14:32:13.685934-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:13.886608-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371892,
"ParentPID": 9830554,
"Thread": 34209961,
"EventTime": "2021-09-08T14:32:13.685934-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:13.887315-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830556,
"ParentPID": 5439688,
"Thread": 47513679,
"EventTime": "2021-09-08T14:32:14.949411-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:32:15.090726-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T14:33:07.602344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:33:07.672232-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00110102527eGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010252,
"ParentPID": 9371902,
"Thread": 34209985,
"EventTime": "2021-09-08T14:34:17.549340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:34:17.670226-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371654,
"ParentPID": 9830560,
"Thread": 42795173,
"EventTime": "2021-09-08T14:34:17.565554-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:34:17.671040-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00110102767MGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010276,
"ParentPID": 9371656,
"Thread": 34210009,
"EventTime": "2021-09-08T14:34:17.665585-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:34:17.671779-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830562,
"ParentPID": 6684890,
"Thread": 36896853,
"EventTime": "2021-09-08T14:35:00.573154-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:35:00.640712-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830562,
"ParentPID": 6684890,
"Thread": 36896853,
"EventTime": "2021-09-08T14:35:00.573154-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:35:00.641483-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 13:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830562,
"ParentPID": 6684890,
"Thread": 36896853,
"EventTime": "2021-09-08T14:35:00.574389-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:35:00.642233-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830562,
"ParentPID": 6684890,
"Thread": 36896853,
"EventTime": "2021-09-08T14:35:00.574389-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:35:00.642974-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9830564,
"ParentPID": 5439688,
"Thread": 29425825,
"EventTime": "2021-09-08T14:39:54.558340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:39:54.825382-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830566,
"ParentPID": 6684890,
"Thread": 46530671,
"EventTime": "2021-09-08T14:40:00.580423-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:40:00.834267-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830566,
"ParentPID": 6684890,
"Thread": 46530671,
"EventTime": "2021-09-08T14:40:00.580423-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:40:00.835094-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 13:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830566,
"ParentPID": 6684890,
"Thread": 46530671,
"EventTime": "2021-09-08T14:40:00.583731-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:40:00.835855-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830566,
"ParentPID": 6684890,
"Thread": 46530671,
"EventTime": "2021-09-08T14:40:00.583731-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:40:00.836591-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830568,
"ParentPID": 6684890,
"Thread": 29491259,
"EventTime": "2021-09-08T14:45:00.584259-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:45:00.754878-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830568,
"ParentPID": 6684890,
"Thread": 29491259,
"EventTime": "2021-09-08T14:45:00.584259-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:45:00.755709-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 13:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830568,
"ParentPID": 6684890,
"Thread": 29491259,
"EventTime": "2021-09-08T14:45:00.584259-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:45:00.756462-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830568,
"ParentPID": 6684890,
"Thread": 29491259,
"EventTime": "2021-09-08T14:45:00.594262-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:45:00.757200-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09371658",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11010278,
"ParentPID": 9371658,
"Thread": 42991713,
"EventTime": "2021-09-08T14:45:00.604266-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:45:00.757757-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00110103001MGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010300,
"ParentPID": 9371668,
"Thread": 40828989,
"EventTime": "2021-09-08T14:49:17.789341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:49:18.028746-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371676,
"ParentPID": 9830570,
"Thread": 40697873,
"EventTime": "2021-09-08T14:49:17.807506-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:49:18.029602-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC001101006823Gaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010068,
"ParentPID": 9371678,
"Thread": 40829013,
"EventTime": "2021-09-08T14:49:17.900043-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:49:18.030400-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830572,
"ParentPID": 6684890,
"Thread": 35258481,
"EventTime": "2021-09-08T14:50:00.615230-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:50:00.720317-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830572,
"ParentPID": 6684890,
"Thread": 35258481,
"EventTime": "2021-09-08T14:50:00.615230-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:50:00.721136-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 13:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830572,
"ParentPID": 6684890,
"Thread": 35258481,
"EventTime": "2021-09-08T14:50:00.615783-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:50:00.721898-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830572,
"ParentPID": 6684890,
"Thread": 35258481,
"EventTime": "2021-09-08T14:50:00.615783-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:50:00.722644-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830574,
"ParentPID": 6684890,
"Thread": 48693439,
"EventTime": "2021-09-08T14:55:00.624957-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:55:00.914031-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830574,
"ParentPID": 6684890,
"Thread": 48693439,
"EventTime": "2021-09-08T14:55:00.624957-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:55:00.914804-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 13:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830574,
"ParentPID": 6684890,
"Thread": 48693439,
"EventTime": "2021-09-08T14:55:00.624957-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:55:00.915561-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830574,
"ParentPID": 6684890,
"Thread": 48693439,
"EventTime": "2021-09-08T14:55:00.624957-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T14:55:00.916308-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830576,
"ParentPID": 6684890,
"Thread": 36176067,
"EventTime": "2021-09-08T15:00:00.634247-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:00:00.800775-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830576,
"ParentPID": 6684890,
"Thread": 36176067,
"EventTime": "2021-09-08T15:00:00.634247-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:00:00.801565-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 14:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830576,
"ParentPID": 6684890,
"Thread": 36176067,
"EventTime": "2021-09-08T15:00:00.634247-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:00:00.802333-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830576,
"ParentPID": 6684890,
"Thread": 36176067,
"EventTime": "2021-09-08T15:00:00.634247-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:00:00.803080-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010090vyGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010090,
"ParentPID": 9830588,
"Thread": 36700269,
"EventTime": "2021-09-08T15:04:18.028341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:04:18.309166-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9830596,
"ParentPID": 9371684,
"Thread": 31916181,
"EventTime": "2021-09-08T15:04:18.041062-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:04:18.309940-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010114wiGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010114,
"ParentPID": 9830598,
"Thread": 36700293,
"EventTime": "2021-09-08T15:04:18.141098-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:04:18.310625-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371686,
"ParentPID": 6684890,
"Thread": 30998735,
"EventTime": "2021-09-08T15:05:00.636712-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:05:00.697612-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371686,
"ParentPID": 6684890,
"Thread": 30998735,
"EventTime": "2021-09-08T15:05:00.636712-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:05:00.698324-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 14:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371686,
"ParentPID": 6684890,
"Thread": 30998735,
"EventTime": "2021-09-08T15:05:00.646034-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:05:00.699126-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371686,
"ParentPID": 6684890,
"Thread": 30998735,
"EventTime": "2021-09-08T15:05:00.646762-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:05:00.699892-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371688,
"ParentPID": 6684890,
"Thread": 39846083,
"EventTime": "2021-09-08T15:10:00.646008-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:10:00.827240-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371688,
"ParentPID": 6684890,
"Thread": 39846083,
"EventTime": "2021-09-08T15:10:00.646008-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:10:00.828076-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 14:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371688,
"ParentPID": 6684890,
"Thread": 39846083,
"EventTime": "2021-09-08T15:10:00.646008-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:10:00.828856-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371688,
"ParentPID": 6684890,
"Thread": 39846083,
"EventTime": "2021-09-08T15:10:00.656012-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:10:00.829603-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830602,
"ParentPID": 6684890,
"Thread": 29425863,
"EventTime": "2021-09-08T15:15:00.663809-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:15:00.754888-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9830602,
"ParentPID": 6684890,
"Thread": 29425863,
"EventTime": "2021-09-08T15:15:00.663809-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:15:00.755707-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 14:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9830602,
"ParentPID": 6684890,
"Thread": 29425863,
"EventTime": "2021-09-08T15:15:00.663809-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:15:00.756501-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9830602,
"ParentPID": 6684890,
"Thread": 29425863,
"EventTime": "2021-09-08T15:15:00.666340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:15:00.757260-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010136qeGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010136,
"ParentPID": 9371700,
"Thread": 48627869,
"EventTime": "2021-09-08T15:19:18.268344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:19:18.289326-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371708,
"ParentPID": 9830604,
"Thread": 49348855,
"EventTime": "2021-09-08T15:19:18.285528-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:19:18.290102-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223616qQDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223616,
"ParentPID": 5636178,
"Thread": 50135163,
"EventTime": "2021-09-08T15:19:18.379262-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:19:18.599178-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636180,
"ParentPID": 6684890,
"Thread": 47186001,
"EventTime": "2021-09-08T15:20:00.673847-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:20:00.968871-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636180,
"ParentPID": 6684890,
"Thread": 47186001,
"EventTime": "2021-09-08T15:20:00.673847-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:20:00.969697-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 14:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636180,
"ParentPID": 6684890,
"Thread": 47186001,
"EventTime": "2021-09-08T15:20:00.673847-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:20:00.970457-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636180,
"ParentPID": 6684890,
"Thread": 47186001,
"EventTime": "2021-09-08T15:20:00.673847-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:20:00.971204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636182,
"ParentPID": 6684890,
"Thread": 40173705,
"EventTime": "2021-09-08T15:25:00.684232-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:25:00.860187-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636182,
"ParentPID": 6684890,
"Thread": 40173705,
"EventTime": "2021-09-08T15:25:00.684232-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:25:00.861005-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 14:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636182,
"ParentPID": 6684890,
"Thread": 40173705,
"EventTime": "2021-09-08T15:25:00.684232-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:25:00.861760-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636182,
"ParentPID": 6684890,
"Thread": 40173705,
"EventTime": "2021-09-08T15:25:00.684232-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:25:00.862496-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636184,
"ParentPID": 6684890,
"Thread": 47186021,
"EventTime": "2021-09-08T15:30:00.688870-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:30:00.737355-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636184,
"ParentPID": 6684890,
"Thread": 47186021,
"EventTime": "2021-09-08T15:30:00.688870-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:30:00.738183-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 14:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636184,
"ParentPID": 6684890,
"Thread": 47186021,
"EventTime": "2021-09-08T15:30:00.688870-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:30:00.738942-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636184,
"ParentPID": 6684890,
"Thread": 47186021,
"EventTime": "2021-09-08T15:30:00.696376-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:30:00.739686-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T15:33:07.480341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:33:07.647641-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010748130kMFaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10748130,
"ParentPID": 8192238,
"Thread": 50135191,
"EventTime": "2021-09-08T15:34:18.508097-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:34:18.582425-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192246,
"ParentPID": 5636188,
"Thread": 40697917,
"EventTime": "2021-09-08T15:34:18.518100-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:34:18.583241-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010748154l7Faaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10748154,
"ParentPID": 8192248,
"Thread": 50135215,
"EventTime": "2021-09-08T15:34:18.618127-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:34:18.888209-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636190,
"ParentPID": 6684890,
"Thread": 28049515,
"EventTime": "2021-09-08T15:35:00.702534-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:35:00.953301-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636190,
"ParentPID": 6684890,
"Thread": 28049515,
"EventTime": "2021-09-08T15:35:00.704817-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:35:00.954117-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 14:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636190,
"ParentPID": 6684890,
"Thread": 28049515,
"EventTime": "2021-09-08T15:35:00.704838-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:35:00.954868-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636190,
"ParentPID": 6684890,
"Thread": 28049515,
"EventTime": "2021-09-08T15:35:00.706340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:35:00.955599-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.08192250",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9044160,
"ParentPID": 8192250,
"Thread": 38404325,
"EventTime": "2021-09-08T15:35:00.722539-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:35:00.956143-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636192,
"ParentPID": 6684890,
"Thread": 42663977,
"EventTime": "2021-09-08T15:40:00.724075-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:40:00.833233-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636192,
"ParentPID": 6684890,
"Thread": 42663977,
"EventTime": "2021-09-08T15:40:00.724075-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:40:00.834055-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 14:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636192,
"ParentPID": 6684890,
"Thread": 42663977,
"EventTime": "2021-09-08T15:40:00.724075-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:40:00.834817-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636192,
"ParentPID": 6684890,
"Thread": 42663977,
"EventTime": "2021-09-08T15:40:00.724075-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:40:00.835557-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636194,
"ParentPID": 6684890,
"Thread": 29360223,
"EventTime": "2021-09-08T15:45:00.735340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:45:01.035909-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636194,
"ParentPID": 6684890,
"Thread": 29360223,
"EventTime": "2021-09-08T15:45:00.735340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:45:01.036742-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 14:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636194,
"ParentPID": 6684890,
"Thread": 29360223,
"EventTime": "2021-09-08T15:45:00.735340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:45:01.037503-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636194,
"ParentPID": 6684890,
"Thread": 29360223,
"EventTime": "2021-09-08T15:45:00.735340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:45:01.038238-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044182f797aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044182,
"ParentPID": 8192004,
"Thread": 50135243,
"EventTime": "2021-09-08T15:49:18.747340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:49:18.872589-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192012,
"ParentPID": 5636196,
"Thread": 36700345,
"EventTime": "2021-09-08T15:49:18.767340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:49:18.873353-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044206gm97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044206,
"ParentPID": 8192014,
"Thread": 50135267,
"EventTime": "2021-09-08T15:49:18.861881-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:49:18.874091-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636198,
"ParentPID": 6684890,
"Thread": 41746547,
"EventTime": "2021-09-08T15:50:00.745340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:50:00.955329-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636198,
"ParentPID": 6684890,
"Thread": 41746547,
"EventTime": "2021-09-08T15:50:00.745340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:50:00.956137-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 14:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636198,
"ParentPID": 6684890,
"Thread": 41746547,
"EventTime": "2021-09-08T15:50:00.745340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:50:00.956947-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636198,
"ParentPID": 6684890,
"Thread": 41746547,
"EventTime": "2021-09-08T15:50:00.745340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:50:00.957688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636200,
"ParentPID": 6684890,
"Thread": 33554451,
"EventTime": "2021-09-08T15:55:00.756939-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:55:00.829178-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636200,
"ParentPID": 6684890,
"Thread": 33554451,
"EventTime": "2021-09-08T15:55:00.756939-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:55:00.829947-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 14:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636200,
"ParentPID": 6684890,
"Thread": 33554451,
"EventTime": "2021-09-08T15:55:00.756939-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:55:00.830700-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636200,
"ParentPID": 6684890,
"Thread": 33554451,
"EventTime": "2021-09-08T15:55:00.756939-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T15:55:00.831432-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636202,
"ParentPID": 6684890,
"Thread": 42663997,
"EventTime": "2021-09-08T16:00:00.765340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:00:01.010743-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636202,
"ParentPID": 6684890,
"Thread": 42663997,
"EventTime": "2021-09-08T16:00:00.765340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:00:01.011516-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/lib/ras/dumpcheck >/dev/null 2>&1 time = Wed Aug 18 15:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636202,
"ParentPID": 6684890,
"Thread": 42663997,
"EventTime": "2021-09-08T16:00:00.765340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:00:01.012273-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636202,
"ParentPID": 6684890,
"Thread": 42663997,
"EventTime": "2021-09-08T16:00:00.765340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:00:01.013011-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485894,
"ParentPID": 6684890,
"Thread": 32243777,
"EventTime": "2021-09-08T16:00:00.775340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:00:01.013742-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485894,
"ParentPID": 6684890,
"Thread": 32243777,
"EventTime": "2021-09-08T16:00:00.775340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:00:01.014462-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 15:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485894,
"ParentPID": 6684890,
"Thread": 32243777,
"EventTime": "2021-09-08T16:00:00.775340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:00:01.015206-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485894,
"ParentPID": 6684890,
"Thread": 32243777,
"EventTime": "2021-09-08T16:00:00.775340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:00:01.015996-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh5636202.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 5636202,
"ParentPID": 6684890,
"Thread": 42663997,
"EventTime": "2021-09-08T16:00:00.809698-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:00:01.016781-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/dump_ch5636202",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9240676,
"ParentPID": 5636202,
"Thread": 30998575,
"EventTime": "2021-09-08T16:00:00.944405-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:00:01.017497-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485948amEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485948,
"ParentPID": 5636214,
"Thread": 40435787,
"EventTime": "2021-09-08T16:04:18.987066-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:04:19.137247-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636222,
"ParentPID": 9240682,
"Thread": 34472077,
"EventTime": "2021-09-08T16:04:19.007071-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:04:19.138073-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485972aUEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485972,
"ParentPID": 5636224,
"Thread": 40435811,
"EventTime": "2021-09-08T16:04:19.097323-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:04:19.138809-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240684,
"ParentPID": 6684890,
"Thread": 27132119,
"EventTime": "2021-09-08T16:05:00.945340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:05:01.209237-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240684,
"ParentPID": 6684890,
"Thread": 27132119,
"EventTime": "2021-09-08T16:05:00.945340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:05:01.210005-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 15:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240684,
"ParentPID": 6684890,
"Thread": 27132119,
"EventTime": "2021-09-08T16:05:00.945340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:05:01.210753-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240684,
"ParentPID": 6684890,
"Thread": 27132119,
"EventTime": "2021-09-08T16:05:00.945340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:05:01.211489-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240686,
"ParentPID": 5439688,
"Thread": 27132121,
"EventTime": "2021-09-08T16:05:14.734340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:05:14.743902-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240688,
"ParentPID": 5439688,
"Thread": 27132123,
"EventTime": "2021-09-08T16:05:15.863278-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:05:15.951607-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240690,
"ParentPID": 5439688,
"Thread": 27132125,
"EventTime": "2021-09-08T16:05:16.124340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:05:16.255180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240692,
"ParentPID": 5439688,
"Thread": 27132127,
"EventTime": "2021-09-08T16:05:16.254340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:05:16.563119-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240694,
"ParentPID": 5439688,
"Thread": 27132129,
"EventTime": "2021-09-08T16:05:16.524660-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:05:16.563918-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240696,
"ParentPID": 5439688,
"Thread": 27132131,
"EventTime": "2021-09-08T16:05:16.794340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:05:16.865151-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240698,
"ParentPID": 5439688,
"Thread": 27132133,
"EventTime": "2021-09-08T16:05:17.064340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:05:17.174798-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240700,
"ParentPID": 5439688,
"Thread": 27132135,
"EventTime": "2021-09-08T16:05:17.325212-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:05:17.476108-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240702,
"ParentPID": 5439688,
"Thread": 27132137,
"EventTime": "2021-09-08T16:05:17.584973-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:05:17.785167-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240704,
"ParentPID": 5439688,
"Thread": 27132139,
"EventTime": "2021-09-08T16:05:17.845632-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:05:18.087044-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240706,
"ParentPID": 6684890,
"Thread": 22675687,
"EventTime": "2021-09-08T16:10:00.956447-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:10:01.157430-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240706,
"ParentPID": 6684890,
"Thread": 22675687,
"EventTime": "2021-09-08T16:10:00.956447-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:10:01.158235-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 15:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240706,
"ParentPID": 6684890,
"Thread": 22675687,
"EventTime": "2021-09-08T16:10:00.956447-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:10:01.158983-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240706,
"ParentPID": 6684890,
"Thread": 22675687,
"EventTime": "2021-09-08T16:10:00.958787-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:10:01.159719-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240708,
"ParentPID": 6684890,
"Thread": 35258549,
"EventTime": "2021-09-08T16:15:00.965197-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:15:01.086032-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240708,
"ParentPID": 6684890,
"Thread": 35258549,
"EventTime": "2021-09-08T16:15:00.965197-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:15:01.086841-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 15:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240708,
"ParentPID": 6684890,
"Thread": 35258549,
"EventTime": "2021-09-08T16:15:00.965197-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:15:01.087580-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240708,
"ParentPID": 6684890,
"Thread": 35258549,
"EventTime": "2021-09-08T16:15:00.965197-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:15:01.088300-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.05636226",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10485974,
"ParentPID": 5636226,
"Thread": 47186069,
"EventTime": "2021-09-08T16:15:00.984937-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:15:01.088832-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485996WUEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485996,
"ParentPID": 9240720,
"Thread": 39059525,
"EventTime": "2021-09-08T16:19:19.226341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:19:19.497204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240728,
"ParentPID": 5636230,
"Thread": 38731795,
"EventTime": "2021-09-08T16:19:19.246863-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:19:19.498003-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485764XAEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485764,
"ParentPID": 9240730,
"Thread": 39059549,
"EventTime": "2021-09-08T16:19:19.341238-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:19:19.498741-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636232,
"ParentPID": 6684890,
"Thread": 35717301,
"EventTime": "2021-09-08T16:20:00.984034-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:20:01.264455-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636232,
"ParentPID": 6684890,
"Thread": 35717301,
"EventTime": "2021-09-08T16:20:00.984034-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:20:01.265234-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 15:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636232,
"ParentPID": 6684890,
"Thread": 35717301,
"EventTime": "2021-09-08T16:20:00.984034-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:20:01.266048-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636232,
"ParentPID": 6684890,
"Thread": 35717301,
"EventTime": "2021-09-08T16:20:00.984034-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:20:01.266782-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636234,
"ParentPID": 6684890,
"Thread": 27131917,
"EventTime": "2021-09-08T16:25:00.995064-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:25:01.185403-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636234,
"ParentPID": 6684890,
"Thread": 27131917,
"EventTime": "2021-09-08T16:25:00.995064-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:25:01.186226-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 15:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636234,
"ParentPID": 6684890,
"Thread": 27131917,
"EventTime": "2021-09-08T16:25:00.995064-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:25:01.186978-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636234,
"ParentPID": 6684890,
"Thread": 27131917,
"EventTime": "2021-09-08T16:25:00.995064-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:25:01.187715-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636236,
"ParentPID": 6684890,
"Thread": 37421203,
"EventTime": "2021-09-08T16:30:00.004593-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:30:00.144520-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636236,
"ParentPID": 6684890,
"Thread": 37421203,
"EventTime": "2021-09-08T16:30:00.004593-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:30:00.145331-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 15:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636236,
"ParentPID": 6684890,
"Thread": 37421203,
"EventTime": "2021-09-08T16:30:00.004593-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:30:00.146084-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636236,
"ParentPID": 6684890,
"Thread": 37421203,
"EventTime": "2021-09-08T16:30:00.004593-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:30:00.146814-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636238,
"ParentPID": 5439688,
"Thread": 35651787,
"EventTime": "2021-09-08T16:31:33.121340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:33.323663-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240732.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240732,
"ParentPID": 5636238,
"Thread": 31916203,
"EventTime": "2021-09-08T16:31:33.251489-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:33.324408-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240732",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485780,
"ParentPID": 9240732,
"Thread": 34996371,
"EventTime": "2021-09-08T16:31:33.281496-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:33.325136-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485780,
"ParentPID": 9240732,
"Thread": 34996371,
"EventTime": "2021-09-08T16:31:33.291501-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:33.325856-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485784aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485784,
"ParentPID": 9240732,
"Thread": 34996375,
"EventTime": "2021-09-08T16:31:33.301340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:33.326562-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485784aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485784,
"ParentPID": 9240732,
"Thread": 34996375,
"EventTime": "2021-09-08T16:31:33.301503-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:33.327275-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485784aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485784,
"ParentPID": 9240732,
"Thread": 34996375,
"EventTime": "2021-09-08T16:31:33.301503-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:33.327981-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240732/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485790,
"ParentPID": 9240732,
"Thread": 34996381,
"EventTime": "2021-09-08T16:31:33.311506-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:33.328679-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240732",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485792,
"ParentPID": 9240732,
"Thread": 34996383,
"EventTime": "2021-09-08T16:31:33.311506-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:33.329388-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240734,
"ParentPID": 5636238,
"Thread": 31916205,
"EventTime": "2021-09-08T16:31:33.321508-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:33.632126-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240734,
"ParentPID": 5636238,
"Thread": 31916205,
"EventTime": "2021-09-08T16:31:33.321508-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:33.632919-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636240,
"ParentPID": 5439688,
"Thread": 35651789,
"EventTime": "2021-09-08T16:31:33.772659-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:33.934398-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240736.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240736,
"ParentPID": 5636240,
"Thread": 31916207,
"EventTime": "2021-09-08T16:31:33.902995-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:33.935146-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240736",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485808,
"ParentPID": 9240736,
"Thread": 34996399,
"EventTime": "2021-09-08T16:31:33.933009-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:34.242146-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485808,
"ParentPID": 9240736,
"Thread": 34996399,
"EventTime": "2021-09-08T16:31:33.943736-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:34.242946-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485812aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485812,
"ParentPID": 9240736,
"Thread": 34996403,
"EventTime": "2021-09-08T16:31:33.953016-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:34.243669-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485812aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485812,
"ParentPID": 9240736,
"Thread": 34996403,
"EventTime": "2021-09-08T16:31:33.953016-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:34.244429-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485812aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485812,
"ParentPID": 9240736,
"Thread": 34996403,
"EventTime": "2021-09-08T16:31:33.958540-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:34.245142-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240736/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485814,
"ParentPID": 9240736,
"Thread": 34996405,
"EventTime": "2021-09-08T16:31:33.963019-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:34.245857-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240736",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485816,
"ParentPID": 9240736,
"Thread": 34996407,
"EventTime": "2021-09-08T16:31:33.971343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:34.246559-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240738,
"ParentPID": 5636240,
"Thread": 31916209,
"EventTime": "2021-09-08T16:31:33.973434-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:34.247257-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240738,
"ParentPID": 5636240,
"Thread": 31916209,
"EventTime": "2021-09-08T16:31:33.973434-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:34.247962-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636242,
"ParentPID": 5439688,
"Thread": 35651791,
"EventTime": "2021-09-08T16:31:34.961340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:35.156918-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240740.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240740,
"ParentPID": 5636242,
"Thread": 31916211,
"EventTime": "2021-09-08T16:31:35.091340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:35.157669-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240740",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485832,
"ParentPID": 9240740,
"Thread": 34996423,
"EventTime": "2021-09-08T16:31:35.125818-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:35.158396-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485832,
"ParentPID": 9240740,
"Thread": 34996423,
"EventTime": "2021-09-08T16:31:35.131343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:35.159111-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485836aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485836,
"ParentPID": 9240740,
"Thread": 34996427,
"EventTime": "2021-09-08T16:31:35.141340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:35.159820-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485836aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485836,
"ParentPID": 9240740,
"Thread": 34996427,
"EventTime": "2021-09-08T16:31:35.141340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:35.160528-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485836aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485836,
"ParentPID": 9240740,
"Thread": 34996427,
"EventTime": "2021-09-08T16:31:35.141340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:35.161231-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240740/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485842,
"ParentPID": 9240740,
"Thread": 34996433,
"EventTime": "2021-09-08T16:31:35.151383-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:35.161975-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240740",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485844,
"ParentPID": 9240740,
"Thread": 34996435,
"EventTime": "2021-09-08T16:31:35.161340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:35.467389-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240742,
"ParentPID": 5636242,
"Thread": 31916213,
"EventTime": "2021-09-08T16:31:35.165836-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:35.468142-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240742,
"ParentPID": 5636242,
"Thread": 31916213,
"EventTime": "2021-09-08T16:31:35.165836-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:35.468870-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636244,
"ParentPID": 5439688,
"Thread": 35651793,
"EventTime": "2021-09-08T16:31:46.666826-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:46.908382-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636246,
"ParentPID": 5439688,
"Thread": 35651795,
"EventTime": "2021-09-08T16:31:48.050671-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:48.111309-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636248,
"ParentPID": 5439688,
"Thread": 35651797,
"EventTime": "2021-09-08T16:31:49.434531-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:49.613554-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636250,
"ParentPID": 5439688,
"Thread": 35651799,
"EventTime": "2021-09-08T16:31:50.818347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:51.119853-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240744.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240744,
"ParentPID": 5636250,
"Thread": 31916215,
"EventTime": "2021-09-08T16:31:50.948682-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:51.120644-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240744",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485860,
"ParentPID": 9240744,
"Thread": 34996451,
"EventTime": "2021-09-08T16:31:50.980340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:51.121432-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485860,
"ParentPID": 9240744,
"Thread": 34996451,
"EventTime": "2021-09-08T16:31:50.983824-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:51.122156-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485864aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485864,
"ParentPID": 9240744,
"Thread": 34996455,
"EventTime": "2021-09-08T16:31:50.990340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:51.122860-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485864aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485864,
"ParentPID": 9240744,
"Thread": 34996455,
"EventTime": "2021-09-08T16:31:50.990340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:51.123571-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485864aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485864,
"ParentPID": 9240744,
"Thread": 34996455,
"EventTime": "2021-09-08T16:31:51.000342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:51.124268-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240744/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485866,
"ParentPID": 9240744,
"Thread": 34996457,
"EventTime": "2021-09-08T16:31:51.010370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:51.124965-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240744",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485868,
"ParentPID": 9240744,
"Thread": 34996459,
"EventTime": "2021-09-08T16:31:51.012067-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:51.125664-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240746,
"ParentPID": 5636250,
"Thread": 31916217,
"EventTime": "2021-09-08T16:31:51.020340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:51.126357-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240746,
"ParentPID": 5636250,
"Thread": 31916217,
"EventTime": "2021-09-08T16:31:51.020340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:51.127050-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10485870",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9371830,
"ParentPID": 10485870,
"Thread": 40173785,
"EventTime": "2021-09-08T16:31:51.028708-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:51.127565-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636252,
"ParentPID": 5439688,
"Thread": 35651801,
"EventTime": "2021-09-08T16:31:52.282165-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:52.333132-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240748.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240748,
"ParentPID": 5636252,
"Thread": 31916219,
"EventTime": "2021-09-08T16:31:52.414824-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:52.641194-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240748",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485886,
"ParentPID": 9240748,
"Thread": 34996477,
"EventTime": "2021-09-08T16:31:52.450340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:52.642003-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485886,
"ParentPID": 9240748,
"Thread": 34996477,
"EventTime": "2021-09-08T16:31:52.452519-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:52.642734-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485890aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485890,
"ParentPID": 9240748,
"Thread": 34996225,
"EventTime": "2021-09-08T16:31:52.464836-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:52.643458-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485890aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485890,
"ParentPID": 9240748,
"Thread": 34996225,
"EventTime": "2021-09-08T16:31:52.464836-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:52.644166-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485890aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485890,
"ParentPID": 9240748,
"Thread": 34996225,
"EventTime": "2021-09-08T16:31:52.470340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:52.644893-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240748/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485896,
"ParentPID": 9240748,
"Thread": 34996231,
"EventTime": "2021-09-08T16:31:52.480344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:52.645605-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240748",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485898,
"ParentPID": 9240748,
"Thread": 34996233,
"EventTime": "2021-09-08T16:31:52.482531-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:52.646313-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240750,
"ParentPID": 5636252,
"Thread": 31916221,
"EventTime": "2021-09-08T16:31:52.482531-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:52.647024-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240750,
"ParentPID": 5636252,
"Thread": 31916221,
"EventTime": "2021-09-08T16:31:52.482531-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:52.647728-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636254,
"ParentPID": 5439688,
"Thread": 35651803,
"EventTime": "2021-09-08T16:31:53.745899-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:31:53.857125-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T16:33:07.358701-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:33:07.459614-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485920R7Eaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485920,
"ParentPID": 9240760,
"Thread": 39059577,
"EventTime": "2021-09-08T16:34:19.464599-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:34:19.585545-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240768,
"ParentPID": 5636258,
"Thread": 40829065,
"EventTime": "2021-09-08T16:34:19.476155-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:34:19.586310-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485944SqEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485944,
"ParentPID": 9240770,
"Thread": 39059601,
"EventTime": "2021-09-08T16:34:19.575340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:34:19.587090-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636260,
"ParentPID": 6684890,
"Thread": 35651813,
"EventTime": "2021-09-08T16:35:00.014597-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:35:00.160195-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636260,
"ParentPID": 6684890,
"Thread": 35651813,
"EventTime": "2021-09-08T16:35:00.014597-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:35:00.160958-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 15:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636260,
"ParentPID": 6684890,
"Thread": 35651813,
"EventTime": "2021-09-08T16:35:00.014597-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:35:00.161707-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636260,
"ParentPID": 6684890,
"Thread": 35651813,
"EventTime": "2021-09-08T16:35:00.014597-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:35:00.162437-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636262,
"ParentPID": 6684890,
"Thread": 37421225,
"EventTime": "2021-09-08T16:40:00.023341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:40:00.052800-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636262,
"ParentPID": 6684890,
"Thread": 37421225,
"EventTime": "2021-09-08T16:40:00.023341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:40:00.053599-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 15:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636262,
"ParentPID": 6684890,
"Thread": 37421225,
"EventTime": "2021-09-08T16:40:00.023341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:40:00.054413-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636262,
"ParentPID": 6684890,
"Thread": 37421225,
"EventTime": "2021-09-08T16:40:00.023341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:40:00.055153-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636264,
"ParentPID": 5439688,
"Thread": 37421227,
"EventTime": "2021-09-08T16:40:25.223340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:40:25.312236-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636266,
"ParentPID": 6684890,
"Thread": 46727175,
"EventTime": "2021-09-08T16:45:00.034669-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:45:00.297451-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636266,
"ParentPID": 6684890,
"Thread": 46727175,
"EventTime": "2021-09-08T16:45:00.034669-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:45:00.298271-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 15:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636266,
"ParentPID": 6684890,
"Thread": 46727175,
"EventTime": "2021-09-08T16:45:00.034669-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:45:00.299018-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636266,
"ParentPID": 6684890,
"Thread": 46727175,
"EventTime": "2021-09-08T16:45:00.040058-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:45:00.299753-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010747940MmFaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10747940,
"ParentPID": 10485954,
"Thread": 34996275,
"EventTime": "2021-09-08T16:49:19.703369-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:49:19.926729-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485962,
"ParentPID": 5636268,
"Thread": 32768209,
"EventTime": "2021-09-08T16:49:19.715531-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:49:19.927546-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010747964MYFaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10747964,
"ParentPID": 10485964,
"Thread": 34996299,
"EventTime": "2021-09-08T16:49:19.815563-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:49:19.928284-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747966,
"ParentPID": 6684890,
"Thread": 42991735,
"EventTime": "2021-09-08T16:50:00.047315-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:50:00.160995-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747966,
"ParentPID": 6684890,
"Thread": 42991735,
"EventTime": "2021-09-08T16:50:00.047315-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:50:00.161809-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 15:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10747966,
"ParentPID": 6684890,
"Thread": 42991735,
"EventTime": "2021-09-08T16:50:00.047315-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:50:00.162572-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10747966,
"ParentPID": 6684890,
"Thread": 42991735,
"EventTime": "2021-09-08T16:50:00.047315-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:50:00.163308-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747968,
"ParentPID": 6684890,
"Thread": 50266215,
"EventTime": "2021-09-08T16:55:00.051340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:55:00.344772-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747968,
"ParentPID": 6684890,
"Thread": 50266215,
"EventTime": "2021-09-08T16:55:00.051340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:55:00.345587-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 15:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10747968,
"ParentPID": 6684890,
"Thread": 50266215,
"EventTime": "2021-09-08T16:55:00.056967-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:55:00.346336-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10747968,
"ParentPID": 6684890,
"Thread": 50266215,
"EventTime": "2021-09-08T16:55:00.056967-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T16:55:00.347070-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747970,
"ParentPID": 6684890,
"Thread": 42991755,
"EventTime": "2021-09-08T17:00:00.065309-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:00:00.263342-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747970,
"ParentPID": 6684890,
"Thread": 42991755,
"EventTime": "2021-09-08T17:00:00.065309-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:00:00.264165-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 16:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10747970,
"ParentPID": 6684890,
"Thread": 42991755,
"EventTime": "2021-09-08T17:00:00.065309-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:00:00.264915-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10747970,
"ParentPID": 6684890,
"Thread": 42991755,
"EventTime": "2021-09-08T17:00:00.065309-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:00:00.265657-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485986GUEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485986,
"ParentPID": 10747982,
"Thread": 42664029,
"EventTime": "2021-09-08T17:04:19.942341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:04:20.202702-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10747990,
"ParentPID": 5636274,
"Thread": 36700387,
"EventTime": "2021-09-08T17:04:19.952989-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:04:20.203711-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010486010HEEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10486010,
"ParentPID": 10747992,
"Thread": 42664053,
"EventTime": "2021-09-08T17:04:20.053018-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:04:20.204439-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747994,
"ParentPID": 6684890,
"Thread": 44957729,
"EventTime": "2021-09-08T17:05:00.071915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:05:00.180790-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747994,
"ParentPID": 6684890,
"Thread": 44957729,
"EventTime": "2021-09-08T17:05:00.071915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:05:00.181598-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 16:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10747994,
"ParentPID": 6684890,
"Thread": 44957729,
"EventTime": "2021-09-08T17:05:00.071915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:05:00.182356-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10747994,
"ParentPID": 6684890,
"Thread": 44957729,
"EventTime": "2021-09-08T17:05:00.071915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:05:00.183083-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747996,
"ParentPID": 6684890,
"Thread": 36700397,
"EventTime": "2021-09-08T17:10:00.083019-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:10:00.373209-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747996,
"ParentPID": 6684890,
"Thread": 36700397,
"EventTime": "2021-09-08T17:10:00.083019-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:10:00.373971-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 16:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10747996,
"ParentPID": 6684890,
"Thread": 36700397,
"EventTime": "2021-09-08T17:10:00.083019-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:10:00.374706-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10747996,
"ParentPID": 6684890,
"Thread": 36700397,
"EventTime": "2021-09-08T17:10:00.083019-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:10:00.375430-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.05636276",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10486012,
"ParentPID": 5636276,
"Thread": 49152139,
"EventTime": "2021-09-08T17:10:00.103025-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:10:00.375963-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747998,
"ParentPID": 6684890,
"Thread": 41418865,
"EventTime": "2021-09-08T17:15:00.105765-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:15:00.252219-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747998,
"ParentPID": 6684890,
"Thread": 41418865,
"EventTime": "2021-09-08T17:15:00.105765-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:15:00.253041-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 16:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10747998,
"ParentPID": 6684890,
"Thread": 41418865,
"EventTime": "2021-09-08T17:15:00.105765-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:15:00.253788-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10747998,
"ParentPID": 6684890,
"Thread": 41418865,
"EventTime": "2021-09-08T17:15:00.110340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:15:00.254530-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485778BAEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485778,
"ParentPID": 10748010,
"Thread": 48955567,
"EventTime": "2021-09-08T17:19:20.181340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:19:20.209423-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10748018,
"ParentPID": 5636280,
"Thread": 32178183,
"EventTime": "2021-09-08T17:19:20.198424-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:19:20.210184-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485802CuEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485802,
"ParentPID": 10748020,
"Thread": 48955591,
"EventTime": "2021-09-08T17:19:20.291344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:19:20.512210-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748022,
"ParentPID": 6684890,
"Thread": 39583895,
"EventTime": "2021-09-08T17:20:00.116571-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:20:00.196945-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748022,
"ParentPID": 6684890,
"Thread": 39583895,
"EventTime": "2021-09-08T17:20:00.116571-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:20:00.197764-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 16:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748022,
"ParentPID": 6684890,
"Thread": 39583895,
"EventTime": "2021-09-08T17:20:00.119341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:20:00.198518-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748022,
"ParentPID": 6684890,
"Thread": 39583895,
"EventTime": "2021-09-08T17:20:00.119341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:20:00.199251-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748024,
"ParentPID": 6684890,
"Thread": 49086599,
"EventTime": "2021-09-08T17:25:00.127703-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:25:00.406597-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748024,
"ParentPID": 6684890,
"Thread": 49086599,
"EventTime": "2021-09-08T17:25:00.127703-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:25:00.407422-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 16:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748024,
"ParentPID": 6684890,
"Thread": 49086599,
"EventTime": "2021-09-08T17:25:00.129340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:25:00.408228-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748024,
"ParentPID": 6684890,
"Thread": 49086599,
"EventTime": "2021-09-08T17:25:00.129340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:25:00.408960-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10748026,
"ParentPID": 5439688,
"Thread": 33554489,
"EventTime": "2021-09-08T17:29:23.900340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:23.933171-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10551370.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10551370,
"ParentPID": 10748026,
"Thread": 35258573,
"EventTime": "2021-09-08T17:29:24.030340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:24.236686-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10551370",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10289216,
"ParentPID": 10551370,
"Thread": 32178213,
"EventTime": "2021-09-08T17:29:24.065464-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:24.237498-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10289216,
"ParentPID": 10551370,
"Thread": 32178213,
"EventTime": "2021-09-08T17:29:24.071132-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:24.238225-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289220aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289220,
"ParentPID": 10551370,
"Thread": 32178217,
"EventTime": "2021-09-08T17:29:24.080340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:24.238941-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289220aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289220,
"ParentPID": 10551370,
"Thread": 32178217,
"EventTime": "2021-09-08T17:29:24.080340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:24.239642-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289220aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289220,
"ParentPID": 10551370,
"Thread": 32178217,
"EventTime": "2021-09-08T17:29:24.080340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:24.240401-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10551370/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10289222,
"ParentPID": 10551370,
"Thread": 32178219,
"EventTime": "2021-09-08T17:29:24.090341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:24.241120-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10551370",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10289224,
"ParentPID": 10551370,
"Thread": 32178221,
"EventTime": "2021-09-08T17:29:24.095473-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:24.241881-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10551372,
"ParentPID": 10748026,
"Thread": 35258575,
"EventTime": "2021-09-08T17:29:24.100341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:24.242598-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551372,
"ParentPID": 10748026,
"Thread": 35258575,
"EventTime": "2021-09-08T17:29:24.100341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:24.243302-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10748028,
"ParentPID": 5439688,
"Thread": 33554491,
"EventTime": "2021-09-08T17:29:25.479220-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:25.750632-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10551374.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10551374,
"ParentPID": 10748028,
"Thread": 35258577,
"EventTime": "2021-09-08T17:29:25.610343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:25.751456-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10551374",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10289240,
"ParentPID": 10551374,
"Thread": 32178237,
"EventTime": "2021-09-08T17:29:25.640340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:25.752196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10289240,
"ParentPID": 10551374,
"Thread": 32178237,
"EventTime": "2021-09-08T17:29:25.640340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:25.752925-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289244aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289244,
"ParentPID": 10551374,
"Thread": 32178241,
"EventTime": "2021-09-08T17:29:25.650340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:25.753641-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289244aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289244,
"ParentPID": 10551374,
"Thread": 32178241,
"EventTime": "2021-09-08T17:29:25.650340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:25.754356-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10289244aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10289244,
"ParentPID": 10551374,
"Thread": 32178241,
"EventTime": "2021-09-08T17:29:25.661493-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:25.755067-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10551374/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10289250,
"ParentPID": 10551374,
"Thread": 32178247,
"EventTime": "2021-09-08T17:29:25.672403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:25.755775-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10551374",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10289252,
"ParentPID": 10551374,
"Thread": 32178249,
"EventTime": "2021-09-08T17:29:25.672403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:25.756493-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10551376,
"ParentPID": 10748028,
"Thread": 35258579,
"EventTime": "2021-09-08T17:29:25.672403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:25.757199-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10551376,
"ParentPID": 10748028,
"Thread": 35258579,
"EventTime": "2021-09-08T17:29:25.672403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:29:25.757897-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748030,
"ParentPID": 6684890,
"Thread": 49283251,
"EventTime": "2021-09-08T17:30:00.133305-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:30:00.298163-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748030,
"ParentPID": 6684890,
"Thread": 49283251,
"EventTime": "2021-09-08T17:30:00.133305-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:30:00.298991-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 16:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748030,
"ParentPID": 6684890,
"Thread": 49283251,
"EventTime": "2021-09-08T17:30:00.139340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:30:00.299790-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748030,
"ParentPID": 6684890,
"Thread": 49283251,
"EventTime": "2021-09-08T17:30:00.139340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:30:00.300599-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T17:33:07.234376-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:33:07.519892-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00102892747qDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289274,
"ParentPID": 10551386,
"Thread": 42139837,
"EventTime": "2021-09-08T17:34:20.420369-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:34:20.541728-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10551394,
"ParentPID": 10748034,
"Thread": 32964717,
"EventTime": "2021-09-08T17:34:20.434715-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:34:20.542540-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00102892988aDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289298,
"ParentPID": 10551396,
"Thread": 42139861,
"EventTime": "2021-09-08T17:34:20.534799-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:34:20.543276-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748036,
"ParentPID": 6684890,
"Thread": 32047293,
"EventTime": "2021-09-08T17:35:00.144141-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:35:00.209161-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748036,
"ParentPID": 6684890,
"Thread": 32047293,
"EventTime": "2021-09-08T17:35:00.144141-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:35:00.209991-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 16:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748036,
"ParentPID": 6684890,
"Thread": 32047293,
"EventTime": "2021-09-08T17:35:00.144141-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:35:00.210795-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748036,
"ParentPID": 6684890,
"Thread": 32047293,
"EventTime": "2021-09-08T17:35:00.144141-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:35:00.211532-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10748038,
"ParentPID": 5439688,
"Thread": 47382659,
"EventTime": "2021-09-08T17:38:24.663532-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:38:24.802317-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748040,
"ParentPID": 6684890,
"Thread": 47382667,
"EventTime": "2021-09-08T17:40:00.154265-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:40:00.344602-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748040,
"ParentPID": 6684890,
"Thread": 47382667,
"EventTime": "2021-09-08T17:40:00.154265-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:40:00.345425-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 16:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748040,
"ParentPID": 6684890,
"Thread": 47382667,
"EventTime": "2021-09-08T17:40:00.159340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:40:00.346179-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748040,
"ParentPID": 6684890,
"Thread": 47382667,
"EventTime": "2021-09-08T17:40:00.159340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:40:00.346911-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748042,
"ParentPID": 6684890,
"Thread": 42467435,
"EventTime": "2021-09-08T17:45:00.165508-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:45:00.276660-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748042,
"ParentPID": 6684890,
"Thread": 42467435,
"EventTime": "2021-09-08T17:45:00.165508-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:45:00.277418-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 16:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748042,
"ParentPID": 6684890,
"Thread": 42467435,
"EventTime": "2021-09-08T17:45:00.168785-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:45:00.278161-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748042,
"ParentPID": 6684890,
"Thread": 42467435,
"EventTime": "2021-09-08T17:45:00.168785-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:45:00.278920-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09371900",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10223632,
"ParentPID": 9371900,
"Thread": 46727195,
"EventTime": "2021-09-08T17:45:00.185516-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:45:00.279506-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00102236541YDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223654,
"ParentPID": 9371654,
"Thread": 32964747,
"EventTime": "2021-09-08T17:49:20.650340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:49:20.781070-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371662,
"ParentPID": 10748044,
"Thread": 42139885,
"EventTime": "2021-09-08T17:49:20.674284-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:49:20.781880-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00102236782IDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223678,
"ParentPID": 9371664,
"Thread": 32964771,
"EventTime": "2021-09-08T17:49:20.770342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:49:20.782610-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748046,
"ParentPID": 6684890,
"Thread": 45023295,
"EventTime": "2021-09-08T17:50:00.188340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:50:00.416709-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748046,
"ParentPID": 6684890,
"Thread": 45023295,
"EventTime": "2021-09-08T17:50:00.188340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:50:00.417532-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 16:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748046,
"ParentPID": 6684890,
"Thread": 45023295,
"EventTime": "2021-09-08T17:50:00.188340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:50:00.418287-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748046,
"ParentPID": 6684890,
"Thread": 45023295,
"EventTime": "2021-09-08T17:50:00.188340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:50:00.419072-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748048,
"ParentPID": 6684890,
"Thread": 33947863,
"EventTime": "2021-09-08T17:55:00.195266-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:55:00.356066-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748048,
"ParentPID": 6684890,
"Thread": 33947863,
"EventTime": "2021-09-08T17:55:00.195266-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:55:00.356878-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 16:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748048,
"ParentPID": 6684890,
"Thread": 33947863,
"EventTime": "2021-09-08T17:55:00.195266-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:55:00.357622-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748048,
"ParentPID": 6684890,
"Thread": 33947863,
"EventTime": "2021-09-08T17:55:00.195266-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T17:55:00.358383-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748050,
"ParentPID": 6684890,
"Thread": 40173593,
"EventTime": "2021-09-08T18:00:00.208341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:00:00.254919-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748050,
"ParentPID": 6684890,
"Thread": 40173593,
"EventTime": "2021-09-08T18:00:00.208341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:00:00.255749-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 17:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748050,
"ParentPID": 6684890,
"Thread": 40173593,
"EventTime": "2021-09-08T18:00:00.208341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:00:00.256509-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748050,
"ParentPID": 6684890,
"Thread": 40173593,
"EventTime": "2021-09-08T18:00:00.208341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:00:00.257247-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223700vEDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223700,
"ParentPID": 10748062,
"Thread": 28049593,
"EventTime": "2021-09-08T18:04:20.898573-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:04:21.120542-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10748070,
"ParentPID": 9371670,
"Thread": 22282389,
"EventTime": "2021-09-08T18:04:20.913710-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:04:21.121450-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223724wuDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223724,
"ParentPID": 10748072,
"Thread": 28049617,
"EventTime": "2021-09-08T18:04:20.999689-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:04:21.122190-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748074,
"ParentPID": 6684890,
"Thread": 32964787,
"EventTime": "2021-09-08T18:05:00.216611-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:05:00.491792-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748074,
"ParentPID": 6684890,
"Thread": 32964787,
"EventTime": "2021-09-08T18:05:00.216611-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:05:00.492596-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 17:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748074,
"ParentPID": 6684890,
"Thread": 32964787,
"EventTime": "2021-09-08T18:05:00.216611-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:05:00.493342-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748074,
"ParentPID": 6684890,
"Thread": 32964787,
"EventTime": "2021-09-08T18:05:00.216611-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:05:00.494070-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10748076,
"ParentPID": 5439688,
"Thread": 32243845,
"EventTime": "2021-09-08T18:07:05.962123-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:07:06.101462-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10748078,
"ParentPID": 5439688,
"Thread": 32243847,
"EventTime": "2021-09-08T18:07:07.024964-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:07:07.306544-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10748080,
"ParentPID": 5439688,
"Thread": 32243849,
"EventTime": "2021-09-08T18:07:07.294340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:07:07.307354-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10748082,
"ParentPID": 5439688,
"Thread": 32243851,
"EventTime": "2021-09-08T18:07:07.425993-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:07:07.615179-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10748084,
"ParentPID": 5439688,
"Thread": 32243853,
"EventTime": "2021-09-08T18:07:07.696674-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:07:07.918075-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10748086,
"ParentPID": 5439688,
"Thread": 32243855,
"EventTime": "2021-09-08T18:07:07.974340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:07:08.219156-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10748088,
"ParentPID": 5439688,
"Thread": 32243857,
"EventTime": "2021-09-08T18:07:08.244340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:07:08.525165-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10748090,
"ParentPID": 5439688,
"Thread": 32243859,
"EventTime": "2021-09-08T18:07:08.504340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:07:08.525972-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10748092,
"ParentPID": 5439688,
"Thread": 32243861,
"EventTime": "2021-09-08T18:07:08.764340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:07:08.830343-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10748094,
"ParentPID": 5439688,
"Thread": 32243863,
"EventTime": "2021-09-08T18:07:09.024340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:07:09.135142-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748096,
"ParentPID": 6684890,
"Thread": 45547577,
"EventTime": "2021-09-08T18:10:00.228340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:10:00.434794-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748096,
"ParentPID": 6684890,
"Thread": 45547577,
"EventTime": "2021-09-08T18:10:00.228340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:10:00.435596-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 17:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748096,
"ParentPID": 6684890,
"Thread": 45547577,
"EventTime": "2021-09-08T18:10:00.228340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:10:00.436339-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748096,
"ParentPID": 6684890,
"Thread": 45547577,
"EventTime": "2021-09-08T18:10:00.230915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:10:00.437076-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748098,
"ParentPID": 6684890,
"Thread": 32243881,
"EventTime": "2021-09-08T18:15:00.239340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:15:00.279908-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10748098,
"ParentPID": 6684890,
"Thread": 32243881,
"EventTime": "2021-09-08T18:15:00.239340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:15:00.280714-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 17:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10748098,
"ParentPID": 6684890,
"Thread": 32243881,
"EventTime": "2021-09-08T18:15:00.239340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:15:00.281458-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10748098,
"ParentPID": 6684890,
"Thread": 32243881,
"EventTime": "2021-09-08T18:15:00.239340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:15:00.282192-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010289352quDqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10289352,
"ParentPID": 10748110,
"Thread": 49414327,
"EventTime": "2021-09-08T18:19:21.133264-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:19:21.424665-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10748118,
"ParentPID": 10223728,
"Thread": 48627949,
"EventTime": "2021-09-08T18:19:21.153272-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:19:21.425467-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192136qY6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192136,
"ParentPID": 9371674,
"Thread": 44695671,
"EventTime": "2021-09-08T18:19:21.233299-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:19:21.426186-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371676,
"ParentPID": 6684890,
"Thread": 35717341,
"EventTime": "2021-09-08T18:20:00.250340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:20:00.479623-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371676,
"ParentPID": 6684890,
"Thread": 35717341,
"EventTime": "2021-09-08T18:20:00.250340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:20:00.480473-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 17:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371676,
"ParentPID": 6684890,
"Thread": 35717341,
"EventTime": "2021-09-08T18:20:00.250340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:20:00.481237-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371676,
"ParentPID": 6684890,
"Thread": 35717341,
"EventTime": "2021-09-08T18:20:00.250340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:20:00.482017-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371678,
"ParentPID": 6684890,
"Thread": 50135053,
"EventTime": "2021-09-08T18:25:00.260340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:25:00.355231-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371678,
"ParentPID": 6684890,
"Thread": 50135053,
"EventTime": "2021-09-08T18:25:00.260340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:25:00.356038-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 17:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371678,
"ParentPID": 6684890,
"Thread": 50135053,
"EventTime": "2021-09-08T18:25:00.260340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:25:00.356792-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371678,
"ParentPID": 6684890,
"Thread": 50135053,
"EventTime": "2021-09-08T18:25:00.260340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:25:00.357529-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371680,
"ParentPID": 6684890,
"Thread": 42467461,
"EventTime": "2021-09-08T18:30:00.270340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:30:00.307150-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371680,
"ParentPID": 6684890,
"Thread": 42467461,
"EventTime": "2021-09-08T18:30:00.270340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:30:00.307903-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 17:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371680,
"ParentPID": 6684890,
"Thread": 42467461,
"EventTime": "2021-09-08T18:30:00.270340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:30:00.308642-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371680,
"ParentPID": 6684890,
"Thread": 42467461,
"EventTime": "2021-09-08T18:30:00.270340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:30:00.309377-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.08192138",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9437434,
"ParentPID": 8192138,
"Thread": 49152153,
"EventTime": "2021-09-08T18:30:00.289001-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:30:00.309916-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371684,
"ParentPID": 5439688,
"Thread": 42467471,
"EventTime": "2021-09-08T18:32:44.145340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:44.361795-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192140.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192140,
"ParentPID": 9371684,
"Thread": 29950133,
"EventTime": "2021-09-08T18:32:44.283052-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:44.362601-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192140",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9437194,
"ParentPID": 8192140,
"Thread": 49152169,
"EventTime": "2021-09-08T18:32:44.310033-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:44.363335-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9437194,
"ParentPID": 8192140,
"Thread": 49152169,
"EventTime": "2021-09-08T18:32:44.315340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:44.364060-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437198aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437198,
"ParentPID": 8192140,
"Thread": 49152173,
"EventTime": "2021-09-08T18:32:44.325354-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:44.364773-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437198aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437198,
"ParentPID": 8192140,
"Thread": 49152173,
"EventTime": "2021-09-08T18:32:44.325354-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:44.365577-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437198aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437198,
"ParentPID": 8192140,
"Thread": 49152173,
"EventTime": "2021-09-08T18:32:44.334993-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:44.366293-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192140/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9437200,
"ParentPID": 8192140,
"Thread": 49152175,
"EventTime": "2021-09-08T18:32:44.335340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:44.367056-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192140",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9437202,
"ParentPID": 8192140,
"Thread": 49152177,
"EventTime": "2021-09-08T18:32:44.345340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:44.367769-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192142,
"ParentPID": 9371684,
"Thread": 29950135,
"EventTime": "2021-09-08T18:32:44.345340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:44.368477-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192142,
"ParentPID": 9371684,
"Thread": 29950135,
"EventTime": "2021-09-08T18:32:44.345340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:44.369177-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371686,
"ParentPID": 5439688,
"Thread": 42467473,
"EventTime": "2021-09-08T18:32:44.846231-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:44.983131-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192144.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192144,
"ParentPID": 9371686,
"Thread": 29950137,
"EventTime": "2021-09-08T18:32:44.976578-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:45.286190-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192144",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9437218,
"ParentPID": 8192144,
"Thread": 49152193,
"EventTime": "2021-09-08T18:32:45.015369-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:45.286998-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9437218,
"ParentPID": 8192144,
"Thread": 49152193,
"EventTime": "2021-09-08T18:32:45.018272-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:45.287744-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437222aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437222,
"ParentPID": 8192144,
"Thread": 49152197,
"EventTime": "2021-09-08T18:32:45.026594-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:45.288473-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437222aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437222,
"ParentPID": 8192144,
"Thread": 49152197,
"EventTime": "2021-09-08T18:32:45.026594-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:45.289196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437222aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437222,
"ParentPID": 8192144,
"Thread": 49152197,
"EventTime": "2021-09-08T18:32:45.033110-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:45.289923-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192144/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9437228,
"ParentPID": 8192144,
"Thread": 49152203,
"EventTime": "2021-09-08T18:32:45.036597-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:45.290635-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192144",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9437230,
"ParentPID": 8192144,
"Thread": 49152205,
"EventTime": "2021-09-08T18:32:45.046602-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:45.291352-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192146,
"ParentPID": 9371686,
"Thread": 29950139,
"EventTime": "2021-09-08T18:32:45.046602-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:45.292072-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192146,
"ParentPID": 9371686,
"Thread": 29950139,
"EventTime": "2021-09-08T18:32:45.046602-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:45.292775-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371688,
"ParentPID": 5439688,
"Thread": 42467475,
"EventTime": "2021-09-08T18:32:46.115340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:46.200368-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192148.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192148,
"ParentPID": 9371688,
"Thread": 29950141,
"EventTime": "2021-09-08T18:32:46.245340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:46.506148-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192148",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9437246,
"ParentPID": 8192148,
"Thread": 49152221,
"EventTime": "2021-09-08T18:32:46.279679-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:46.506941-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9437246,
"ParentPID": 8192148,
"Thread": 49152221,
"EventTime": "2021-09-08T18:32:46.285342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:46.507652-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437250aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437250,
"ParentPID": 8192148,
"Thread": 49152225,
"EventTime": "2021-09-08T18:32:46.295340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:46.508342-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437250aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437250,
"ParentPID": 8192148,
"Thread": 49152225,
"EventTime": "2021-09-08T18:32:46.295340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:46.509055-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437250aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437250,
"ParentPID": 8192148,
"Thread": 49152225,
"EventTime": "2021-09-08T18:32:46.299688-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:46.509736-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192148/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9437256,
"ParentPID": 8192148,
"Thread": 49152231,
"EventTime": "2021-09-08T18:32:46.309691-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:46.510452-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192148",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9437258,
"ParentPID": 8192148,
"Thread": 49152233,
"EventTime": "2021-09-08T18:32:46.309691-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:46.511165-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192150,
"ParentPID": 9371688,
"Thread": 29950143,
"EventTime": "2021-09-08T18:32:46.315340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:46.511885-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192150,
"ParentPID": 9371688,
"Thread": 29950143,
"EventTime": "2021-09-08T18:32:46.315340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:46.512594-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371690,
"ParentPID": 5439688,
"Thread": 28901559,
"EventTime": "2021-09-08T18:32:58.114340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:58.241807-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371692,
"ParentPID": 5439688,
"Thread": 28901561,
"EventTime": "2021-09-08T18:32:59.494541-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:32:59.745196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371694,
"ParentPID": 5439688,
"Thread": 28901563,
"EventTime": "2021-09-08T18:33:00.878310-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:00.946985-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371696,
"ParentPID": 5439688,
"Thread": 28901565,
"EventTime": "2021-09-08T18:33:02.262069-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:02.453275-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192152.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192152,
"ParentPID": 9371696,
"Thread": 29950145,
"EventTime": "2021-09-08T18:33:02.392413-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:02.454041-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192152",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9437274,
"ParentPID": 8192152,
"Thread": 49152249,
"EventTime": "2021-09-08T18:33:02.424369-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:02.454835-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9437274,
"ParentPID": 8192152,
"Thread": 49152249,
"EventTime": "2021-09-08T18:33:02.426824-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:02.455634-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437278aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437278,
"ParentPID": 8192152,
"Thread": 49152253,
"EventTime": "2021-09-08T18:33:02.434340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:02.456329-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437278aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437278,
"ParentPID": 8192152,
"Thread": 49152253,
"EventTime": "2021-09-08T18:33:02.442429-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:02.457018-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437278aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437278,
"ParentPID": 8192152,
"Thread": 49152253,
"EventTime": "2021-09-08T18:33:02.444340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:02.457704-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192152/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9437284,
"ParentPID": 8192152,
"Thread": 49152003,
"EventTime": "2021-09-08T18:33:02.454920-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:02.764114-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192152",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9437286,
"ParentPID": 8192152,
"Thread": 49152005,
"EventTime": "2021-09-08T18:33:02.462437-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:02.764963-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192154,
"ParentPID": 9371696,
"Thread": 29950147,
"EventTime": "2021-09-08T18:33:02.464340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:02.765771-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192154,
"ParentPID": 9371696,
"Thread": 29950147,
"EventTime": "2021-09-08T18:33:02.464340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:02.766495-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371698,
"ParentPID": 5439688,
"Thread": 28901567,
"EventTime": "2021-09-08T18:33:03.725938-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:03.977278-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192156.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192156,
"ParentPID": 9371698,
"Thread": 29950149,
"EventTime": "2021-09-08T18:33:03.856564-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:03.978086-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192156",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9437302,
"ParentPID": 8192156,
"Thread": 49152021,
"EventTime": "2021-09-08T18:33:03.889680-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:03.978836-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9437302,
"ParentPID": 8192156,
"Thread": 49152021,
"EventTime": "2021-09-08T18:33:03.896293-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:03.979551-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437306aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437306,
"ParentPID": 8192156,
"Thread": 49152025,
"EventTime": "2021-09-08T18:33:03.906577-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:03.980239-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437306aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437306,
"ParentPID": 8192156,
"Thread": 49152025,
"EventTime": "2021-09-08T18:33:03.906577-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:03.980923-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9437306aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9437306,
"ParentPID": 8192156,
"Thread": 49152025,
"EventTime": "2021-09-08T18:33:03.906577-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:03.981606-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192156/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9437312,
"ParentPID": 8192156,
"Thread": 49152031,
"EventTime": "2021-09-08T18:33:03.916299-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:03.982319-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192156",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9437314,
"ParentPID": 8192156,
"Thread": 49152033,
"EventTime": "2021-09-08T18:33:03.924340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:03.983026-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192158,
"ParentPID": 9371698,
"Thread": 29950151,
"EventTime": "2021-09-08T18:33:03.926303-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:03.983729-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192158,
"ParentPID": 9371698,
"Thread": 29950151,
"EventTime": "2021-09-08T18:33:03.926303-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:03.984481-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371700,
"ParentPID": 5439688,
"Thread": 28901569,
"EventTime": "2021-09-08T18:33:05.184340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:05.191541-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T18:33:07.115149-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:33:07.306490-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009437336kYAaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9437336,
"ParentPID": 8192168,
"Thread": 49152057,
"EventTime": "2021-09-08T18:34:21.365161-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:34:21.513207-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.08192170",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10748138,
"ParentPID": 8192170,
"Thread": 35258385,
"EventTime": "2021-09-08T18:34:21.378255-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:34:21.513846-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9437344,
"ParentPID": 9371702,
"Thread": 49152065,
"EventTime": "2021-09-08T18:34:21.398262-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:34:21.514618-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223752lEDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223752,
"ParentPID": 9437346,
"Thread": 31195297,
"EventTime": "2021-09-08T18:34:21.478293-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:34:21.515335-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437348,
"ParentPID": 6684890,
"Thread": 40697977,
"EventTime": "2021-09-08T18:35:00.292998-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:35:00.593208-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437348,
"ParentPID": 6684890,
"Thread": 40697977,
"EventTime": "2021-09-08T18:35:00.292998-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:35:00.594044-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 17:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9437348,
"ParentPID": 6684890,
"Thread": 40697977,
"EventTime": "2021-09-08T18:35:00.293695-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:35:00.594830-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9437348,
"ParentPID": 6684890,
"Thread": 40697977,
"EventTime": "2021-09-08T18:35:00.293695-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:35:00.595563-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437350,
"ParentPID": 6684890,
"Thread": 33554529,
"EventTime": "2021-09-08T18:40:00.301107-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:40:00.452353-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437350,
"ParentPID": 6684890,
"Thread": 33554529,
"EventTime": "2021-09-08T18:40:00.301107-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:40:00.453185-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 17:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9437350,
"ParentPID": 6684890,
"Thread": 33554529,
"EventTime": "2021-09-08T18:40:00.301107-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:40:00.453953-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9437350,
"ParentPID": 6684890,
"Thread": 33554529,
"EventTime": "2021-09-08T18:40:00.301107-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:40:00.454694-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9437352,
"ParentPID": 5439688,
"Thread": 33947657,
"EventTime": "2021-09-08T18:43:49.506834-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:43:49.766694-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437354,
"ParentPID": 6684890,
"Thread": 40173629,
"EventTime": "2021-09-08T18:45:00.310341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:45:00.368274-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9437354,
"ParentPID": 6684890,
"Thread": 40173629,
"EventTime": "2021-09-08T18:45:00.310341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:45:00.369051-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 17:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9437354,
"ParentPID": 6684890,
"Thread": 40173629,
"EventTime": "2021-09-08T18:45:00.313636-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:45:00.369825-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9437354,
"ParentPID": 6684890,
"Thread": 40173629,
"EventTime": "2021-09-08T18:45:00.313636-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:45:00.370632-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551460fEEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551460,
"ParentPID": 10223762,
"Thread": 31195325,
"EventTime": "2021-09-08T18:49:21.601340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:49:21.816459-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10223770,
"ParentPID": 9437356,
"Thread": 50135083,
"EventTime": "2021-09-08T18:49:21.621341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:49:21.817275-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010551484guEqaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10551484,
"ParentPID": 10223772,
"Thread": 31195349,
"EventTime": "2021-09-08T18:49:21.712885-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:49:21.818017-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223774,
"ParentPID": 6684890,
"Thread": 28049643,
"EventTime": "2021-09-08T18:50:00.320340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:50:00.593009-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223774,
"ParentPID": 6684890,
"Thread": 28049643,
"EventTime": "2021-09-08T18:50:00.320340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:50:00.593832-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 17:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223774,
"ParentPID": 6684890,
"Thread": 28049643,
"EventTime": "2021-09-08T18:50:00.320340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:50:00.594586-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223774,
"ParentPID": 6684890,
"Thread": 28049643,
"EventTime": "2021-09-08T18:50:00.320340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:50:00.595319-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223776,
"ParentPID": 6684890,
"Thread": 33947683,
"EventTime": "2021-09-08T18:55:00.330342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:55:00.558953-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223776,
"ParentPID": 6684890,
"Thread": 33947683,
"EventTime": "2021-09-08T18:55:00.330342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:55:00.559780-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 17:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223776,
"ParentPID": 6684890,
"Thread": 33947683,
"EventTime": "2021-09-08T18:55:00.330342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:55:00.560600-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223776,
"ParentPID": 6684890,
"Thread": 33947683,
"EventTime": "2021-09-08T18:55:00.330342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T18:55:00.561403-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223778,
"ParentPID": 6684890,
"Thread": 50200737,
"EventTime": "2021-09-08T19:00:00.339340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:00:00.437010-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223778,
"ParentPID": 6684890,
"Thread": 50200737,
"EventTime": "2021-09-08T19:00:00.339340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:00:00.437815-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 18:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223778,
"ParentPID": 6684890,
"Thread": 50200737,
"EventTime": "2021-09-08T19:00:00.339340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:00:00.438569-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223778,
"ParentPID": 6684890,
"Thread": 50200737,
"EventTime": "2021-09-08T19:00:00.339340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:00:00.439306-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008978678aq9qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8978678,
"ParentPID": 10223790,
"Thread": 50135123,
"EventTime": "2021-09-08T19:04:21.841369-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:04:21.848708-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10223798,
"ParentPID": 9961704,
"Thread": 38731941,
"EventTime": "2021-09-08T19:04:21.858288-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:04:22.149733-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008978446ba9qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8978446,
"ParentPID": 10223800,
"Thread": 50135147,
"EventTime": "2021-09-08T19:04:21.951344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:04:22.150490-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961706,
"ParentPID": 6684890,
"Thread": 29950175,
"EventTime": "2021-09-08T19:05:00.351738-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:05:00.633380-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961706,
"ParentPID": 6684890,
"Thread": 29950175,
"EventTime": "2021-09-08T19:05:00.351738-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:05:00.634199-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 18:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961706,
"ParentPID": 6684890,
"Thread": 29950175,
"EventTime": "2021-09-08T19:05:00.351738-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:05:00.634950-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961706,
"ParentPID": 6684890,
"Thread": 29950175,
"EventTime": "2021-09-08T19:05:00.351738-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:05:00.635689-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961708,
"ParentPID": 6684890,
"Thread": 42336269,
"EventTime": "2021-09-08T19:10:00.359449-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:10:00.477415-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961708,
"ParentPID": 6684890,
"Thread": 42336269,
"EventTime": "2021-09-08T19:10:00.359449-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:10:00.478232-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 18:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961708,
"ParentPID": 6684890,
"Thread": 42336269,
"EventTime": "2021-09-08T19:10:00.359449-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:10:00.478978-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961708,
"ParentPID": 6684890,
"Thread": 42336269,
"EventTime": "2021-09-08T19:10:00.359449-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:10:00.479772-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961710,
"ParentPID": 6684890,
"Thread": 27656409,
"EventTime": "2021-09-08T19:15:00.369340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:15:00.615685-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961710,
"ParentPID": 6684890,
"Thread": 27656409,
"EventTime": "2021-09-08T19:15:00.369340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:15:00.616519-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 18:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961710,
"ParentPID": 6684890,
"Thread": 27656409,
"EventTime": "2021-09-08T19:15:00.369340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:15:00.617283-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961710,
"ParentPID": 6684890,
"Thread": 27656409,
"EventTime": "2021-09-08T19:15:00.369340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:15:00.618016-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223822WYDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223822,
"ParentPID": 8978456,
"Thread": 41418949,
"EventTime": "2021-09-08T19:19:22.080343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:19:22.347512-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8978464,
"ParentPID": 9961712,
"Thread": 31195145,
"EventTime": "2021-09-08T19:19:22.096168-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:19:22.348274-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010747922XIFaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10747922,
"ParentPID": 9240578,
"Thread": 39059701,
"EventTime": "2021-09-08T19:19:22.190340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:19:22.349008-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961714,
"ParentPID": 6684890,
"Thread": 36700171,
"EventTime": "2021-09-08T19:20:00.380986-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:20:00.487853-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961714,
"ParentPID": 6684890,
"Thread": 36700171,
"EventTime": "2021-09-08T19:20:00.380986-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:20:00.488660-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 18:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961714,
"ParentPID": 6684890,
"Thread": 36700171,
"EventTime": "2021-09-08T19:20:00.380986-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:20:00.489412-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961714,
"ParentPID": 6684890,
"Thread": 36700171,
"EventTime": "2021-09-08T19:20:00.380986-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:20:00.490155-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747926,
"ParentPID": 6684890,
"Thread": 50135173,
"EventTime": "2021-09-08T19:25:00.389449-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:25:00.648987-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747926,
"ParentPID": 6684890,
"Thread": 50135173,
"EventTime": "2021-09-08T19:25:00.389449-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:25:00.649857-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 18:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10747926,
"ParentPID": 6684890,
"Thread": 50135173,
"EventTime": "2021-09-08T19:25:00.389449-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:25:00.650665-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10747926,
"ParentPID": 6684890,
"Thread": 50135173,
"EventTime": "2021-09-08T19:25:00.389449-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:25:00.651394-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09961718",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 5636308,
"ParentPID": 9961718,
"Thread": 46530775,
"EventTime": "2021-09-08T19:25:00.409453-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:25:00.651940-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747928,
"ParentPID": 6684890,
"Thread": 44105783,
"EventTime": "2021-09-08T19:30:00.408895-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:30:00.540067-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747928,
"ParentPID": 6684890,
"Thread": 44105783,
"EventTime": "2021-09-08T19:30:00.408895-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:30:00.540886-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 18:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10747928,
"ParentPID": 6684890,
"Thread": 44105783,
"EventTime": "2021-09-08T19:30:00.408895-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:30:00.541634-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10747928,
"ParentPID": 6684890,
"Thread": 44105783,
"EventTime": "2021-09-08T19:30:00.414843-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:30:00.542369-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T19:33:06.988570-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:33:07.156349-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636330REv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636330,
"ParentPID": 9961472,
"Thread": 39059473,
"EventTime": "2021-09-08T19:34:22.319879-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:34:22.580205-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9961480,
"ParentPID": 10747932,
"Thread": 32178301,
"EventTime": "2021-09-08T19:34:22.334154-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:34:22.581005-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636098Syv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636098,
"ParentPID": 9961482,
"Thread": 39059497,
"EventTime": "2021-09-08T19:34:22.434186-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:34:22.581732-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747934,
"ParentPID": 6684890,
"Thread": 50331657,
"EventTime": "2021-09-08T19:35:00.418376-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:35:00.449213-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747934,
"ParentPID": 6684890,
"Thread": 50331657,
"EventTime": "2021-09-08T19:35:00.418376-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:35:00.450033-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 18:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10747934,
"ParentPID": 6684890,
"Thread": 50331657,
"EventTime": "2021-09-08T19:35:00.418376-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:35:00.450781-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10747934,
"ParentPID": 6684890,
"Thread": 50331657,
"EventTime": "2021-09-08T19:35:00.418376-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:35:00.451521-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10747936,
"ParentPID": 5439688,
"Thread": 46792927,
"EventTime": "2021-09-08T19:38:45.590909-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:45.777501-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh5636100.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 5636100,
"ParentPID": 10747936,
"Thread": 43778059,
"EventTime": "2021-09-08T19:38:45.720340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:45.778262-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.5636100",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9240612,
"ParentPID": 5636100,
"Thread": 40370261,
"EventTime": "2021-09-08T19:38:45.750574-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:45.778996-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9240612,
"ParentPID": 5636100,
"Thread": 40370261,
"EventTime": "2021-09-08T19:38:45.760371-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:45.779713-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240616aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240616,
"ParentPID": 5636100,
"Thread": 40370265,
"EventTime": "2021-09-08T19:38:45.764914-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:45.780469-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240616aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240616,
"ParentPID": 5636100,
"Thread": 40370265,
"EventTime": "2021-09-08T19:38:45.770405-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:45.781186-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240616aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240616,
"ParentPID": 5636100,
"Thread": 40370265,
"EventTime": "2021-09-08T19:38:45.770405-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:45.781956-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.5636100/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9240618,
"ParentPID": 5636100,
"Thread": 40370267,
"EventTime": "2021-09-08T19:38:45.784922-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:46.086591-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.5636100",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9240620,
"ParentPID": 5636100,
"Thread": 40370269,
"EventTime": "2021-09-08T19:38:45.790340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:46.087348-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 5636102,
"ParentPID": 10747936,
"Thread": 43778061,
"EventTime": "2021-09-08T19:38:45.794926-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:46.088085-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636102,
"ParentPID": 10747936,
"Thread": 43778061,
"EventTime": "2021-09-08T19:38:45.794926-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:46.088812-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10747938,
"ParentPID": 5439688,
"Thread": 46792929,
"EventTime": "2021-09-08T19:38:46.396550-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:46.693165-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh5636104.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 5636104,
"ParentPID": 10747938,
"Thread": 43778063,
"EventTime": "2021-09-08T19:38:46.526888-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:46.693976-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.5636104",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9240636,
"ParentPID": 5636104,
"Thread": 40370285,
"EventTime": "2021-09-08T19:38:46.556898-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:46.694707-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9240636,
"ParentPID": 5636104,
"Thread": 40370285,
"EventTime": "2021-09-08T19:38:46.563149-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:46.695428-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240640aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240640,
"ParentPID": 5636104,
"Thread": 40370289,
"EventTime": "2021-09-08T19:38:46.570341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:46.696149-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240640aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240640,
"ParentPID": 5636104,
"Thread": 40370289,
"EventTime": "2021-09-08T19:38:46.570341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:46.696860-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240640aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240640,
"ParentPID": 5636104,
"Thread": 40370289,
"EventTime": "2021-09-08T19:38:46.576904-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:46.697584-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.5636104/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9240646,
"ParentPID": 5636104,
"Thread": 40370295,
"EventTime": "2021-09-08T19:38:46.586907-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:46.698307-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.5636104",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9240648,
"ParentPID": 5636104,
"Thread": 40370297,
"EventTime": "2021-09-08T19:38:46.592227-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:46.699008-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 5636106,
"ParentPID": 10747938,
"Thread": 43778065,
"EventTime": "2021-09-08T19:38:46.592227-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:46.699717-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636106,
"ParentPID": 10747938,
"Thread": 43778065,
"EventTime": "2021-09-08T19:38:46.592227-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:38:46.700454-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747940,
"ParentPID": 6684890,
"Thread": 46792937,
"EventTime": "2021-09-08T19:40:00.431225-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:40:00.642722-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747940,
"ParentPID": 6684890,
"Thread": 46792937,
"EventTime": "2021-09-08T19:40:00.431225-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:40:00.643642-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 18:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10747940,
"ParentPID": 6684890,
"Thread": 46792937,
"EventTime": "2021-09-08T19:40:00.431225-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:40:00.644420-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10747940,
"ParentPID": 6684890,
"Thread": 46792937,
"EventTime": "2021-09-08T19:40:00.431225-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:40:00.645167-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747942,
"ParentPID": 6684890,
"Thread": 35455119,
"EventTime": "2021-09-08T19:45:00.442100-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:45:00.543213-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10747942,
"ParentPID": 6684890,
"Thread": 35455119,
"EventTime": "2021-09-08T19:45:00.442100-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:45:00.544044-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 18:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10747942,
"ParentPID": 6684890,
"Thread": 35455119,
"EventTime": "2021-09-08T19:45:00.442100-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:45:00.544801-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10747942,
"ParentPID": 6684890,
"Thread": 35455119,
"EventTime": "2021-09-08T19:45:00.443951-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:45:00.545540-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10747944,
"ParentPID": 5439688,
"Thread": 43385051,
"EventTime": "2021-09-08T19:47:43.731975-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:47:43.739803-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240670Mu0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240670,
"ParentPID": 5636116,
"Thread": 32178331,
"EventTime": "2021-09-08T19:49:22.559340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:49:22.613295-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636124,
"ParentPID": 10747946,
"Thread": 36896939,
"EventTime": "2021-09-08T19:49:22.575125-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:49:22.614059-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240694Ne0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240694,
"ParentPID": 5636126,
"Thread": 32178355,
"EventTime": "2021-09-08T19:49:22.671827-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:49:22.920184-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636128,
"ParentPID": 6684890,
"Thread": 50331673,
"EventTime": "2021-09-08T19:50:00.449465-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:50:00.462346-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636128,
"ParentPID": 6684890,
"Thread": 50331673,
"EventTime": "2021-09-08T19:50:00.449465-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:50:00.463117-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 18:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636128,
"ParentPID": 6684890,
"Thread": 50331673,
"EventTime": "2021-09-08T19:50:00.449465-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:50:00.463868-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636128,
"ParentPID": 6684890,
"Thread": 50331673,
"EventTime": "2021-09-08T19:50:00.449465-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:50:00.464605-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636130,
"ParentPID": 6684890,
"Thread": 43385069,
"EventTime": "2021-09-08T19:55:00.461241-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:55:00.642554-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636130,
"ParentPID": 6684890,
"Thread": 43385069,
"EventTime": "2021-09-08T19:55:00.461241-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:55:00.643374-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 18:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636130,
"ParentPID": 6684890,
"Thread": 43385069,
"EventTime": "2021-09-08T19:55:00.461241-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:55:00.644124-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636130,
"ParentPID": 6684890,
"Thread": 43385069,
"EventTime": "2021-09-08T19:55:00.461241-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T19:55:00.644855-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636132,
"ParentPID": 6684890,
"Thread": 31260687,
"EventTime": "2021-09-08T20:00:00.471261-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:00:00.772457-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636132,
"ParentPID": 6684890,
"Thread": 31260687,
"EventTime": "2021-09-08T20:00:00.471261-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:00:00.773276-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 19:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636132,
"ParentPID": 6684890,
"Thread": 31260687,
"EventTime": "2021-09-08T20:00:00.471261-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:00:00.774026-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636132,
"ParentPID": 6684890,
"Thread": 31260687,
"EventTime": "2021-09-08T20:00:00.477340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:00:00.774754-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09240696",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8978468,
"ParentPID": 9240696,
"Thread": 31588487,
"EventTime": "2021-09-08T20:00:00.490337-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:00:00.775302-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008978490He9qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8978490,
"ParentPID": 5636144,
"Thread": 45678609,
"EventTime": "2021-09-08T20:04:22.798341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:04:23.089269-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636152,
"ParentPID": 9240702,
"Thread": 44630223,
"EventTime": "2021-09-08T20:04:22.818340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:04:23.090081-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008978514HM9qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8978514,
"ParentPID": 5636154,
"Thread": 45678633,
"EventTime": "2021-09-08T20:04:22.914452-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:04:23.090817-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240704,
"ParentPID": 6684890,
"Thread": 39059517,
"EventTime": "2021-09-08T20:05:00.497973-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:05:00.653791-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240704,
"ParentPID": 6684890,
"Thread": 39059517,
"EventTime": "2021-09-08T20:05:00.497973-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:05:00.654561-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 19:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240704,
"ParentPID": 6684890,
"Thread": 39059517,
"EventTime": "2021-09-08T20:05:00.497973-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:05:00.655313-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240704,
"ParentPID": 6684890,
"Thread": 39059517,
"EventTime": "2021-09-08T20:05:00.497973-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:05:00.656041-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240706,
"ParentPID": 5439688,
"Thread": 28704889,
"EventTime": "2021-09-08T20:06:59.874716-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:06:59.964232-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240708,
"ParentPID": 5439688,
"Thread": 28704891,
"EventTime": "2021-09-08T20:07:01.003340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:07:01.166343-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240710,
"ParentPID": 5439688,
"Thread": 28704893,
"EventTime": "2021-09-08T20:07:01.268464-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:07:01.469832-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240712,
"ParentPID": 5439688,
"Thread": 28704895,
"EventTime": "2021-09-08T20:07:01.398789-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:07:01.470638-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240714,
"ParentPID": 5439688,
"Thread": 28704897,
"EventTime": "2021-09-08T20:07:01.665845-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:07:01.774146-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240716,
"ParentPID": 5439688,
"Thread": 28704899,
"EventTime": "2021-09-08T20:07:01.933340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:07:02.081423-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240718,
"ParentPID": 5439688,
"Thread": 28704901,
"EventTime": "2021-09-08T20:07:02.203340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:07:02.384151-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240720,
"ParentPID": 5439688,
"Thread": 28704903,
"EventTime": "2021-09-08T20:07:02.466376-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:07:02.693037-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240722,
"ParentPID": 5439688,
"Thread": 28704905,
"EventTime": "2021-09-08T20:07:02.723340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:07:02.994178-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240724,
"ParentPID": 5439688,
"Thread": 28704907,
"EventTime": "2021-09-08T20:07:02.983340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:07:02.994977-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240726,
"ParentPID": 6684890,
"Thread": 47513731,
"EventTime": "2021-09-08T20:10:00.500002-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:10:00.661104-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240726,
"ParentPID": 6684890,
"Thread": 47513731,
"EventTime": "2021-09-08T20:10:00.500002-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:10:00.661906-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 19:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240726,
"ParentPID": 6684890,
"Thread": 47513731,
"EventTime": "2021-09-08T20:10:00.500002-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:10:00.662652-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240726,
"ParentPID": 6684890,
"Thread": 47513731,
"EventTime": "2021-09-08T20:10:00.510006-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:10:00.663373-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240728,
"ParentPID": 6684890,
"Thread": 50266261,
"EventTime": "2021-09-08T20:15:00.517340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:15:00.539699-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240728,
"ParentPID": 6684890,
"Thread": 50266261,
"EventTime": "2021-09-08T20:15:00.517340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:15:00.540509-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 19:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240728,
"ParentPID": 6684890,
"Thread": 50266261,
"EventTime": "2021-09-08T20:15:00.517340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:15:00.541261-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240728,
"ParentPID": 6684890,
"Thread": 50266261,
"EventTime": "2021-09-08T20:15:00.517340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:15:00.541989-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008978536BM9qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8978536,
"ParentPID": 5636164,
"Thread": 39059553,
"EventTime": "2021-09-08T20:19:23.042227-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:19:23.156248-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636172,
"ParentPID": 9240730,
"Thread": 31457427,
"EventTime": "2021-09-08T20:19:23.062233-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:19:23.157008-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008978560C79qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8978560,
"ParentPID": 5636174,
"Thread": 39059577,
"EventTime": "2021-09-08T20:19:23.162270-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:19:23.459171-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240732,
"ParentPID": 6684890,
"Thread": 29818979,
"EventTime": "2021-09-08T20:20:00.525788-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:20:00.721507-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240732,
"ParentPID": 6684890,
"Thread": 29818979,
"EventTime": "2021-09-08T20:20:00.525788-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:20:00.722329-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 19:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240732,
"ParentPID": 6684890,
"Thread": 29818979,
"EventTime": "2021-09-08T20:20:00.525788-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:20:00.723086-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240732,
"ParentPID": 6684890,
"Thread": 29818979,
"EventTime": "2021-09-08T20:20:00.525788-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:20:00.723814-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8978564,
"ParentPID": 6684890,
"Thread": 39845893,
"EventTime": "2021-09-08T20:25:00.538225-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:25:00.600725-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8978564,
"ParentPID": 6684890,
"Thread": 39845893,
"EventTime": "2021-09-08T20:25:00.538225-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:25:00.601543-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 19:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8978564,
"ParentPID": 6684890,
"Thread": 39845893,
"EventTime": "2021-09-08T20:25:00.538225-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:25:00.602297-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8978564,
"ParentPID": 6684890,
"Thread": 39845893,
"EventTime": "2021-09-08T20:25:00.538225-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:25:00.603025-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8978566,
"ParentPID": 6684890,
"Thread": 42991843,
"EventTime": "2021-09-08T20:30:00.538222-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:30:00.695698-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8978566,
"ParentPID": 6684890,
"Thread": 42991843,
"EventTime": "2021-09-08T20:30:00.538222-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:30:00.696207-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 19:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8978566,
"ParentPID": 6684890,
"Thread": 42991843,
"EventTime": "2021-09-08T20:30:00.538222-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:30:00.696695-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8978566,
"ParentPID": 6684890,
"Thread": 42991843,
"EventTime": "2021-09-08T20:30:00.544888-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:30:00.697160-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8978570,
"ParentPID": 5439688,
"Thread": 42991853,
"EventTime": "2021-09-08T20:32:39.241339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:39.276456-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240736.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240736,
"ParentPID": 8978570,
"Thread": 30998653,
"EventTime": "2021-09-08T20:32:39.366038-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:39.579486-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240736",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961558,
"ParentPID": 9240736,
"Thread": 37027855,
"EventTime": "2021-09-08T20:32:39.389742-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:39.579985-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961558,
"ParentPID": 9240736,
"Thread": 37027855,
"EventTime": "2021-09-08T20:32:39.391339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:39.580432-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961562aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961562,
"ParentPID": 9240736,
"Thread": 37027859,
"EventTime": "2021-09-08T20:32:39.399321-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:39.580874-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961562aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961562,
"ParentPID": 9240736,
"Thread": 37027859,
"EventTime": "2021-09-08T20:32:39.399321-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:39.581320-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961562aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961562,
"ParentPID": 9240736,
"Thread": 37027859,
"EventTime": "2021-09-08T20:32:39.401339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:39.581784-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240736/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961564,
"ParentPID": 9240736,
"Thread": 37027861,
"EventTime": "2021-09-08T20:32:39.406047-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:39.582258-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240736",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961566,
"ParentPID": 9240736,
"Thread": 37027863,
"EventTime": "2021-09-08T20:32:39.406047-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:39.582709-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240738,
"ParentPID": 8978570,
"Thread": 30998655,
"EventTime": "2021-09-08T20:32:39.411339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:39.583144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240738,
"ParentPID": 8978570,
"Thread": 30998655,
"EventTime": "2021-09-08T20:32:39.411339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:39.583581-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8978572,
"ParentPID": 5439688,
"Thread": 42991855,
"EventTime": "2021-09-08T20:32:40.011339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:40.187988-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240740.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240740,
"ParentPID": 8978572,
"Thread": 30998657,
"EventTime": "2021-09-08T20:32:40.137321-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:40.188449-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240740",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961582,
"ParentPID": 9240740,
"Thread": 37027879,
"EventTime": "2021-09-08T20:32:40.157325-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:40.188895-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961582,
"ParentPID": 9240740,
"Thread": 37027879,
"EventTime": "2021-09-08T20:32:40.161339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:40.189334-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961586aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961586,
"ParentPID": 9240740,
"Thread": 37027883,
"EventTime": "2021-09-08T20:32:40.171339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:40.189779-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961586aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961586,
"ParentPID": 9240740,
"Thread": 37027883,
"EventTime": "2021-09-08T20:32:40.171339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:40.190309-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09044200",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10485870,
"ParentPID": 9044200,
"Thread": 39059589,
"EventTime": "2021-09-08T20:32:40.177329-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:40.190640-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961586aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961586,
"ParentPID": 9240740,
"Thread": 37027883,
"EventTime": "2021-09-08T20:32:40.177329-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:40.191084-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240740/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961588,
"ParentPID": 9240740,
"Thread": 37027885,
"EventTime": "2021-09-08T20:32:40.181341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:40.191529-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240740",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961590,
"ParentPID": 9240740,
"Thread": 37027887,
"EventTime": "2021-09-08T20:32:40.187333-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:40.191968-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240742,
"ParentPID": 8978572,
"Thread": 30998659,
"EventTime": "2021-09-08T20:32:40.191339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:40.498347-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240742,
"ParentPID": 8978572,
"Thread": 30998659,
"EventTime": "2021-09-08T20:32:40.191339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:40.498848-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8978574,
"ParentPID": 5439688,
"Thread": 42991857,
"EventTime": "2021-09-08T20:32:41.282619-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:41.403460-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240744.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240744,
"ParentPID": 8978574,
"Thread": 30998661,
"EventTime": "2021-09-08T20:32:41.411339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:41.704777-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240744",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961606,
"ParentPID": 9240744,
"Thread": 37027903,
"EventTime": "2021-09-08T20:32:41.432711-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:41.705281-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961606,
"ParentPID": 9240744,
"Thread": 37027903,
"EventTime": "2021-09-08T20:32:41.432711-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:41.705733-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961610aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961610,
"ParentPID": 9240744,
"Thread": 37027907,
"EventTime": "2021-09-08T20:32:41.441339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:41.706181-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961610aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961610,
"ParentPID": 9240744,
"Thread": 37027907,
"EventTime": "2021-09-08T20:32:41.441339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:41.706630-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961610aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961610,
"ParentPID": 9240744,
"Thread": 37027907,
"EventTime": "2021-09-08T20:32:41.441339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:41.707072-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240744/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961612,
"ParentPID": 9240744,
"Thread": 37027909,
"EventTime": "2021-09-08T20:32:41.451339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:41.707512-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240744",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961614,
"ParentPID": 9240744,
"Thread": 37027911,
"EventTime": "2021-09-08T20:32:41.452940-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:41.707959-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240746,
"ParentPID": 8978574,
"Thread": 30998663,
"EventTime": "2021-09-08T20:32:41.452940-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:41.708393-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240746,
"ParentPID": 8978574,
"Thread": 30998663,
"EventTime": "2021-09-08T20:32:41.452940-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:41.708826-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8978576,
"ParentPID": 5439688,
"Thread": 42991859,
"EventTime": "2021-09-08T20:32:53.001339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:53.130611-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8978578,
"ParentPID": 5439688,
"Thread": 42991861,
"EventTime": "2021-09-08T20:32:54.380339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:54.652212-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8978580,
"ParentPID": 5439688,
"Thread": 42991863,
"EventTime": "2021-09-08T20:32:55.753557-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:55.860084-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8978582,
"ParentPID": 5439688,
"Thread": 44236923,
"EventTime": "2021-09-08T20:32:57.145975-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:57.366869-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240748.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240748,
"ParentPID": 8978582,
"Thread": 30998665,
"EventTime": "2021-09-08T20:32:57.270339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:57.367367-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240748",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961630,
"ParentPID": 9240748,
"Thread": 37027927,
"EventTime": "2021-09-08T20:32:57.293842-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:57.367817-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961630,
"ParentPID": 9240748,
"Thread": 37027927,
"EventTime": "2021-09-08T20:32:57.296199-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:57.368259-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961634aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961634,
"ParentPID": 9240748,
"Thread": 37027931,
"EventTime": "2021-09-08T20:32:57.300339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:57.368701-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961634aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961634,
"ParentPID": 9240748,
"Thread": 37027931,
"EventTime": "2021-09-08T20:32:57.306201-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:57.369131-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961634aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961634,
"ParentPID": 9240748,
"Thread": 37027931,
"EventTime": "2021-09-08T20:32:57.306201-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:57.369563-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240748/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961636,
"ParentPID": 9240748,
"Thread": 37027933,
"EventTime": "2021-09-08T20:32:57.310340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:57.370003-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240748",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961638,
"ParentPID": 9240748,
"Thread": 37027935,
"EventTime": "2021-09-08T20:32:57.316225-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:57.370454-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240750,
"ParentPID": 8978582,
"Thread": 30998667,
"EventTime": "2021-09-08T20:32:57.316225-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:57.370894-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240750,
"ParentPID": 8978582,
"Thread": 30998667,
"EventTime": "2021-09-08T20:32:57.316225-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:57.371325-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8978584,
"ParentPID": 5439688,
"Thread": 44236925,
"EventTime": "2021-09-08T20:32:58.570339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:58.578903-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9240752.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9240752,
"ParentPID": 8978584,
"Thread": 30998669,
"EventTime": "2021-09-08T20:32:58.698681-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:58.879487-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9240752",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961654,
"ParentPID": 9240752,
"Thread": 37027951,
"EventTime": "2021-09-08T20:32:58.718686-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:58.879981-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961654,
"ParentPID": 9240752,
"Thread": 37027951,
"EventTime": "2021-09-08T20:32:58.720339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:58.880445-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961658aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961658,
"ParentPID": 9240752,
"Thread": 37027955,
"EventTime": "2021-09-08T20:32:58.728687-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:58.880899-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961658aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961658,
"ParentPID": 9240752,
"Thread": 37027955,
"EventTime": "2021-09-08T20:32:58.730339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:58.881381-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961658aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961658,
"ParentPID": 9240752,
"Thread": 37027955,
"EventTime": "2021-09-08T20:32:58.730339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:58.881818-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9240752/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961660,
"ParentPID": 9240752,
"Thread": 37027957,
"EventTime": "2021-09-08T20:32:58.730339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:58.882255-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9240752",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961662,
"ParentPID": 9240752,
"Thread": 37027959,
"EventTime": "2021-09-08T20:32:58.740355-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:58.882701-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9240754,
"ParentPID": 8978584,
"Thread": 30998671,
"EventTime": "2021-09-08T20:32:58.740355-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:58.883134-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240754,
"ParentPID": 8978584,
"Thread": 30998671,
"EventTime": "2021-09-08T20:32:58.740355-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:32:58.883567-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8978586,
"ParentPID": 5439688,
"Thread": 44236927,
"EventTime": "2021-09-08T20:32:59.990888-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:33:00.091580-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T20:33:06.870361-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:33:07.001993-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC000996168473Caaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961684,
"ParentPID": 9240764,
"Thread": 39059615,
"EventTime": "2021-09-08T20:34:23.277340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:34:23.317193-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9240772,
"ParentPID": 8978588,
"Thread": 39518257,
"EventTime": "2021-09-08T20:34:23.297341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:34:23.317990-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00099617088iCaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961708,
"ParentPID": 9240774,
"Thread": 39059639,
"EventTime": "2021-09-08T20:34:23.393549-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:34:23.625028-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240776,
"ParentPID": 6684890,
"Thread": 33161337,
"EventTime": "2021-09-08T20:35:00.546341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:35:00.582907-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240776,
"ParentPID": 6684890,
"Thread": 33161337,
"EventTime": "2021-09-08T20:35:00.546341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:35:00.583672-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 19:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240776,
"ParentPID": 6684890,
"Thread": 33161337,
"EventTime": "2021-09-08T20:35:00.546341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:35:00.584419-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240776,
"ParentPID": 6684890,
"Thread": 33161337,
"EventTime": "2021-09-08T20:35:00.546341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:35:00.585150-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240778,
"ParentPID": 6684890,
"Thread": 47382737,
"EventTime": "2021-09-08T20:40:00.557708-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:40:00.747683-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240778,
"ParentPID": 6684890,
"Thread": 47382737,
"EventTime": "2021-09-08T20:40:00.557708-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:40:00.748506-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 19:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240778,
"ParentPID": 6684890,
"Thread": 47382737,
"EventTime": "2021-09-08T20:40:00.557708-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:40:00.749254-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240778,
"ParentPID": 6684890,
"Thread": 47382737,
"EventTime": "2021-09-08T20:40:00.557708-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:40:00.749990-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240780,
"ParentPID": 5439688,
"Thread": 34209813,
"EventTime": "2021-09-08T20:43:51.200235-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:43:51.275402-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240782,
"ParentPID": 6684890,
"Thread": 32047111,
"EventTime": "2021-09-08T20:45:00.566341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:45:00.716801-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240782,
"ParentPID": 6684890,
"Thread": 32047111,
"EventTime": "2021-09-08T20:45:00.566341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:45:00.717623-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 19:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240782,
"ParentPID": 6684890,
"Thread": 32047111,
"EventTime": "2021-09-08T20:45:00.570743-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:45:00.718376-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240782,
"ParentPID": 6684890,
"Thread": 32047111,
"EventTime": "2021-09-08T20:45:00.570743-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:45:00.719111-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10485886",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9044222,
"ParentPID": 10485886,
"Thread": 37027983,
"EventTime": "2021-09-08T20:45:00.586340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:45:00.719662-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00090439882i97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9043988,
"ParentPID": 10485896,
"Thread": 46465185,
"EventTime": "2021-09-08T20:49:23.517340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:49:23.705720-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485904,
"ParentPID": 9240784,
"Thread": 44236955,
"EventTime": "2021-09-08T20:49:23.537341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:49:23.706536-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00090440122Q97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044012,
"ParentPID": 10485906,
"Thread": 46465209,
"EventTime": "2021-09-08T20:49:23.634664-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:49:23.707270-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485908,
"ParentPID": 6684890,
"Thread": 40435845,
"EventTime": "2021-09-08T20:50:00.586340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:50:00.667712-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485908,
"ParentPID": 6684890,
"Thread": 40435845,
"EventTime": "2021-09-08T20:50:00.586340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:50:00.668530-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 19:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485908,
"ParentPID": 6684890,
"Thread": 40435845,
"EventTime": "2021-09-08T20:50:00.586340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:50:00.669270-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485908,
"ParentPID": 6684890,
"Thread": 40435845,
"EventTime": "2021-09-08T20:50:00.586340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:50:00.670007-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485910,
"ParentPID": 6684890,
"Thread": 34209839,
"EventTime": "2021-09-08T20:55:00.596461-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:55:00.793072-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485910,
"ParentPID": 6684890,
"Thread": 34209839,
"EventTime": "2021-09-08T20:55:00.596461-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:55:00.793896-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 19:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485910,
"ParentPID": 6684890,
"Thread": 34209839,
"EventTime": "2021-09-08T20:55:00.596461-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:55:00.794649-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485910,
"ParentPID": 6684890,
"Thread": 34209839,
"EventTime": "2021-09-08T20:55:00.596461-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T20:55:00.795385-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485912,
"ParentPID": 6684890,
"Thread": 40435865,
"EventTime": "2021-09-08T21:00:00.610631-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:00:00.739693-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485912,
"ParentPID": 6684890,
"Thread": 40435865,
"EventTime": "2021-09-08T21:00:00.610631-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:00:00.740465-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 20:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485912,
"ParentPID": 6684890,
"Thread": 40435865,
"EventTime": "2021-09-08T21:00:00.610631-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:00:00.741232-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485912,
"ParentPID": 6684890,
"Thread": 40435865,
"EventTime": "2021-09-08T21:00:00.610631-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:00:00.741972-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636234vQv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636234,
"ParentPID": 10485924,
"Thread": 29819021,
"EventTime": "2021-09-08T21:04:23.760681-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:04:23.968197-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485932,
"ParentPID": 9044018,
"Thread": 31588527,
"EventTime": "2021-09-08T21:04:23.780688-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:04:23.969007-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636258w7v7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636258,
"ParentPID": 10485934,
"Thread": 29819045,
"EventTime": "2021-09-08T21:04:23.877341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:04:23.969752-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044020,
"ParentPID": 6684890,
"Thread": 37028035,
"EventTime": "2021-09-08T21:05:00.619480-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:05:00.628892-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044020,
"ParentPID": 6684890,
"Thread": 37028035,
"EventTime": "2021-09-08T21:05:00.619480-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:05:00.629661-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 20:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044020,
"ParentPID": 6684890,
"Thread": 37028035,
"EventTime": "2021-09-08T21:05:00.623669-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:05:00.630408-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044020,
"ParentPID": 6684890,
"Thread": 37028035,
"EventTime": "2021-09-08T21:05:00.625340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:05:00.631144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044022,
"ParentPID": 6684890,
"Thread": 28901605,
"EventTime": "2021-09-08T21:10:00.627512-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:10:00.859062-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044022,
"ParentPID": 6684890,
"Thread": 28901605,
"EventTime": "2021-09-08T21:10:00.627512-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:10:00.859882-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 20:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044022,
"ParentPID": 6684890,
"Thread": 28901605,
"EventTime": "2021-09-08T21:10:00.627512-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:10:00.860624-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044022,
"ParentPID": 6684890,
"Thread": 28901605,
"EventTime": "2021-09-08T21:10:00.637516-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:10:00.861373-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044024,
"ParentPID": 6684890,
"Thread": 46530591,
"EventTime": "2021-09-08T21:15:00.645340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:15:00.769338-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044024,
"ParentPID": 6684890,
"Thread": 46530591,
"EventTime": "2021-09-08T21:15:00.645340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:15:00.770151-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 20:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044024,
"ParentPID": 6684890,
"Thread": 46530591,
"EventTime": "2021-09-08T21:15:00.645340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:15:00.770909-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044024,
"ParentPID": 6684890,
"Thread": 46530591,
"EventTime": "2021-09-08T21:15:00.645340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:15:00.771641-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636280q7v7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636280,
"ParentPID": 10485944,
"Thread": 34799759,
"EventTime": "2021-09-08T21:19:23.996340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:19:24.026292-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485952,
"ParentPID": 9044026,
"Thread": 36765919,
"EventTime": "2021-09-08T21:19:24.016403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:19:24.027079-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636304rmv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636304,
"ParentPID": 10485954,
"Thread": 34799783,
"EventTime": "2021-09-08T21:19:24.106341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:19:24.328191-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044028,
"ParentPID": 6684890,
"Thread": 32964821,
"EventTime": "2021-09-08T21:20:00.655340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:20:00.700873-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044028,
"ParentPID": 6684890,
"Thread": 32964821,
"EventTime": "2021-09-08T21:20:00.655340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:20:00.701636-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 20:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044028,
"ParentPID": 6684890,
"Thread": 32964821,
"EventTime": "2021-09-08T21:20:00.656154-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:20:00.702382-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044028,
"ParentPID": 6684890,
"Thread": 32964821,
"EventTime": "2021-09-08T21:20:00.656154-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:20:00.703105-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371744,
"ParentPID": 6684890,
"Thread": 43515943,
"EventTime": "2021-09-08T21:25:00.665340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:25:00.900429-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371744,
"ParentPID": 6684890,
"Thread": 43515943,
"EventTime": "2021-09-08T21:25:00.665340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:25:00.901243-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 20:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371744,
"ParentPID": 6684890,
"Thread": 43515943,
"EventTime": "2021-09-08T21:25:00.665340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:25:00.901994-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371744,
"ParentPID": 6684890,
"Thread": 43515943,
"EventTime": "2021-09-08T21:25:00.665340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:25:00.902723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371746,
"ParentPID": 6684890,
"Thread": 33095731,
"EventTime": "2021-09-08T21:30:00.673801-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:30:00.784266-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371746,
"ParentPID": 6684890,
"Thread": 33095731,
"EventTime": "2021-09-08T21:30:00.673801-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:30:00.785087-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 20:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371746,
"ParentPID": 6684890,
"Thread": 33095731,
"EventTime": "2021-09-08T21:30:00.673801-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:30:00.785848-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371746,
"ParentPID": 6684890,
"Thread": 33095731,
"EventTime": "2021-09-08T21:30:00.673801-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:30:00.786648-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T21:33:06.748339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:33:06.814059-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010204lmGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010204,
"ParentPID": 9044040,
"Thread": 45023413,
"EventTime": "2021-09-08T21:34:24.236342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:34:24.329371-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9044048,
"ParentPID": 9371750,
"Thread": 50135205,
"EventTime": "2021-09-08T21:34:24.256340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:34:24.330124-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192210lU6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192210,
"ParentPID": 9044050,
"Thread": 36831283,
"EventTime": "2021-09-08T21:34:24.346341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:34:24.631337-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192212,
"ParentPID": 6684890,
"Thread": 45219869,
"EventTime": "2021-09-08T21:35:00.683535-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:35:00.695293-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192212,
"ParentPID": 6684890,
"Thread": 45219869,
"EventTime": "2021-09-08T21:35:00.683535-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:35:00.696107-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 20:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192212,
"ParentPID": 6684890,
"Thread": 45219869,
"EventTime": "2021-09-08T21:35:00.684340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:35:00.696843-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192212,
"ParentPID": 6684890,
"Thread": 45219869,
"EventTime": "2021-09-08T21:35:00.684340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:35:00.697571-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11468810",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9240824,
"ParentPID": 11468810,
"Thread": 42336305,
"EventTime": "2021-09-08T21:35:00.704340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:35:01.005008-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192214,
"ParentPID": 6684890,
"Thread": 23658581,
"EventTime": "2021-09-08T21:40:00.709232-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:00.859419-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192214,
"ParentPID": 6684890,
"Thread": 23658581,
"EventTime": "2021-09-08T21:40:00.709232-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:00.860179-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 20:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192214,
"ParentPID": 6684890,
"Thread": 23658581,
"EventTime": "2021-09-08T21:40:00.709232-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:00.860913-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192214,
"ParentPID": 6684890,
"Thread": 23658581,
"EventTime": "2021-09-08T21:40:00.709232-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:00.861634-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192216,
"ParentPID": 5439688,
"Thread": 23658583,
"EventTime": "2021-09-08T21:40:25.353340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:25.502823-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468812.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468812,
"ParentPID": 8192216,
"Thread": 44105829,
"EventTime": "2021-09-08T21:40:25.483340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:25.503622-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468812",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9240584,
"ParentPID": 11468812,
"Thread": 38732001,
"EventTime": "2021-09-08T21:40:25.523368-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:25.804956-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9240584,
"ParentPID": 11468812,
"Thread": 38732001,
"EventTime": "2021-09-08T21:40:25.523368-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:25.805756-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240588aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240588,
"ParentPID": 11468812,
"Thread": 38732005,
"EventTime": "2021-09-08T21:40:25.533340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:25.806476-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240588aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240588,
"ParentPID": 11468812,
"Thread": 38732005,
"EventTime": "2021-09-08T21:40:25.533340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:25.807188-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240588aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240588,
"ParentPID": 11468812,
"Thread": 38732005,
"EventTime": "2021-09-08T21:40:25.543342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:25.807903-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468812/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9240590,
"ParentPID": 11468812,
"Thread": 38732007,
"EventTime": "2021-09-08T21:40:25.553364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:25.808608-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468812",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9240592,
"ParentPID": 11468812,
"Thread": 38732009,
"EventTime": "2021-09-08T21:40:25.553702-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:25.809319-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468814,
"ParentPID": 8192216,
"Thread": 44105831,
"EventTime": "2021-09-08T21:40:25.553702-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:25.810037-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468814,
"ParentPID": 8192216,
"Thread": 44105831,
"EventTime": "2021-09-08T21:40:25.553702-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:25.810743-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192218,
"ParentPID": 5439688,
"Thread": 23658585,
"EventTime": "2021-09-08T21:40:26.333698-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:26.414194-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468816.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468816,
"ParentPID": 8192218,
"Thread": 44105833,
"EventTime": "2021-09-08T21:40:26.484058-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:26.715378-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468816",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9240608,
"ParentPID": 11468816,
"Thread": 38732025,
"EventTime": "2021-09-08T21:40:26.514066-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:26.716187-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9240608,
"ParentPID": 11468816,
"Thread": 38732025,
"EventTime": "2021-09-08T21:40:26.524068-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:26.716918-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240612aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240612,
"ParentPID": 11468816,
"Thread": 38732029,
"EventTime": "2021-09-08T21:40:26.534071-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:26.717640-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240612aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240612,
"ParentPID": 11468816,
"Thread": 38732029,
"EventTime": "2021-09-08T21:40:26.534071-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:26.718362-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9240612aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9240612,
"ParentPID": 11468816,
"Thread": 38732029,
"EventTime": "2021-09-08T21:40:26.534071-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:26.719069-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468816/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9240614,
"ParentPID": 11468816,
"Thread": 38732031,
"EventTime": "2021-09-08T21:40:26.544075-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:26.719772-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468816",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9240616,
"ParentPID": 11468816,
"Thread": 38731777,
"EventTime": "2021-09-08T21:40:26.553344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:26.720489-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468818,
"ParentPID": 8192218,
"Thread": 44105835,
"EventTime": "2021-09-08T21:40:26.554078-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:26.721196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468818,
"ParentPID": 8192218,
"Thread": 44105835,
"EventTime": "2021-09-08T21:40:26.554078-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:40:26.721899-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192220,
"ParentPID": 6684890,
"Thread": 49479899,
"EventTime": "2021-09-08T21:45:00.716281-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:45:00.757196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192220,
"ParentPID": 6684890,
"Thread": 49479899,
"EventTime": "2021-09-08T21:45:00.716281-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:45:00.758013-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 20:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192220,
"ParentPID": 6684890,
"Thread": 49479899,
"EventTime": "2021-09-08T21:45:00.716281-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:45:00.758760-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192220,
"ParentPID": 6684890,
"Thread": 49479899,
"EventTime": "2021-09-08T21:45:00.716281-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:45:00.759494-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240638fU0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240638,
"ParentPID": 11468828,
"Thread": 38731803,
"EventTime": "2021-09-08T21:49:24.475340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:49:24.566910-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468836,
"ParentPID": 8192222,
"Thread": 47644747,
"EventTime": "2021-09-08T21:49:24.495340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:49:24.567663-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240662gA0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240662,
"ParentPID": 11468838,
"Thread": 38731827,
"EventTime": "2021-09-08T21:49:24.587548-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:49:24.876173-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192224,
"ParentPID": 5439688,
"Thread": 49414375,
"EventTime": "2021-09-08T21:49:25.545340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:49:25.779182-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192226,
"ParentPID": 6684890,
"Thread": 41746621,
"EventTime": "2021-09-08T21:50:00.724340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:50:00.942536-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192226,
"ParentPID": 6684890,
"Thread": 41746621,
"EventTime": "2021-09-08T21:50:00.724340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:50:00.943305-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 20:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192226,
"ParentPID": 6684890,
"Thread": 41746621,
"EventTime": "2021-09-08T21:50:00.724340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:50:00.944064-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192226,
"ParentPID": 6684890,
"Thread": 41746621,
"EventTime": "2021-09-08T21:50:00.724340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:50:00.944896-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192228,
"ParentPID": 6684890,
"Thread": 29819087,
"EventTime": "2021-09-08T21:55:00.737037-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:55:00.837985-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192228,
"ParentPID": 6684890,
"Thread": 29819087,
"EventTime": "2021-09-08T21:55:00.737037-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:55:00.838796-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 20:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192228,
"ParentPID": 6684890,
"Thread": 29819087,
"EventTime": "2021-09-08T21:55:00.737037-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:55:00.839545-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192228,
"ParentPID": 6684890,
"Thread": 29819087,
"EventTime": "2021-09-08T21:55:00.737037-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T21:55:00.840281-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192230,
"ParentPID": 6684890,
"Thread": 41746641,
"EventTime": "2021-09-08T22:00:00.745946-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:00:00.760997-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192230,
"ParentPID": 6684890,
"Thread": 41746641,
"EventTime": "2021-09-08T22:00:00.745946-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:00:00.761763-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 21:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192230,
"ParentPID": 6684890,
"Thread": 41746641,
"EventTime": "2021-09-08T22:00:00.745946-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:00:00.762939-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192230,
"ParentPID": 6684890,
"Thread": 41746641,
"EventTime": "2021-09-08T22:00:00.745946-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:00:00.763684-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240684au0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240684,
"ParentPID": 8192242,
"Thread": 27656197,
"EventTime": "2021-09-08T22:04:24.675340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:04:24.783866-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192250,
"ParentPID": 11468844,
"Thread": 49479927,
"EventTime": "2021-09-08T22:04:24.685339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:04:24.784371-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240708aM0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240708,
"ParentPID": 8192252,
"Thread": 27656221,
"EventTime": "2021-09-08T22:04:24.745339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:04:24.784815-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468846,
"ParentPID": 6684890,
"Thread": 43778129,
"EventTime": "2021-09-08T22:05:00.756137-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:05:00.849352-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468846,
"ParentPID": 6684890,
"Thread": 43778129,
"EventTime": "2021-09-08T22:05:00.756137-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:05:00.849863-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 21:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468846,
"ParentPID": 6684890,
"Thread": 43778129,
"EventTime": "2021-09-08T22:05:00.756137-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:05:00.850327-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468846,
"ParentPID": 6684890,
"Thread": 43778129,
"EventTime": "2021-09-08T22:05:00.756137-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:05:00.850776-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468848,
"ParentPID": 5439688,
"Thread": 38404173,
"EventTime": "2021-09-08T22:06:12.121340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:06:12.329972-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468850,
"ParentPID": 5439688,
"Thread": 38404175,
"EventTime": "2021-09-08T22:06:13.241340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:06:13.547814-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468852,
"ParentPID": 5439688,
"Thread": 38404177,
"EventTime": "2021-09-08T22:06:13.511340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:06:13.548574-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468854,
"ParentPID": 5439688,
"Thread": 38404179,
"EventTime": "2021-09-08T22:06:13.637117-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:06:13.852133-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468856,
"ParentPID": 5439688,
"Thread": 38404181,
"EventTime": "2021-09-08T22:06:13.902244-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:06:14.162138-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11468858",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8192254,
"ParentPID": 11468858,
"Thread": 31260727,
"EventTime": "2021-09-08T22:06:13.921340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:06:14.162766-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468860,
"ParentPID": 5439688,
"Thread": 38404185,
"EventTime": "2021-09-08T22:06:14.178498-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:06:14.470038-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468862,
"ParentPID": 5439688,
"Thread": 38404187,
"EventTime": "2021-09-08T22:06:14.442547-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:06:14.470835-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468864,
"ParentPID": 5439688,
"Thread": 38404189,
"EventTime": "2021-09-08T22:06:14.701340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:06:14.772170-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468866,
"ParentPID": 5439688,
"Thread": 38404191,
"EventTime": "2021-09-08T22:06:14.961340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:06:15.081652-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468868,
"ParentPID": 5439688,
"Thread": 38404193,
"EventTime": "2021-09-08T22:06:15.221340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:06:15.385602-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468870,
"ParentPID": 6684890,
"Thread": 31588547,
"EventTime": "2021-09-08T22:10:00.758509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:10:00.779268-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468870,
"ParentPID": 6684890,
"Thread": 31588547,
"EventTime": "2021-09-08T22:10:00.758509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:10:00.780087-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 21:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468870,
"ParentPID": 6684890,
"Thread": 31588547,
"EventTime": "2021-09-08T22:10:00.758509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:10:00.780844-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468870,
"ParentPID": 6684890,
"Thread": 31588547,
"EventTime": "2021-09-08T22:10:00.763340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:10:00.781581-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468872,
"ParentPID": 6684890,
"Thread": 50331723,
"EventTime": "2021-09-08T22:15:00.764896-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:15:00.966284-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468872,
"ParentPID": 6684890,
"Thread": 50331723,
"EventTime": "2021-09-08T22:15:00.764896-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:15:00.967084-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 21:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468872,
"ParentPID": 6684890,
"Thread": 50331723,
"EventTime": "2021-09-08T22:15:00.764896-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:15:00.967825-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468872,
"ParentPID": 6684890,
"Thread": 50331723,
"EventTime": "2021-09-08T22:15:00.764896-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:15:00.968557-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240730WI0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240730,
"ParentPID": 8192008,
"Thread": 42139735,
"EventTime": "2021-09-08T22:19:24.869007-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:19:25.135220-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192016,
"ParentPID": 11468874,
"Thread": 42664163,
"EventTime": "2021-09-08T22:19:24.884372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:19:25.136031-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240754Xy0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240754,
"ParentPID": 8192018,
"Thread": 42139759,
"EventTime": "2021-09-08T22:19:24.979052-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:19:25.136758-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468876,
"ParentPID": 6684890,
"Thread": 35651607,
"EventTime": "2021-09-08T22:20:00.776156-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:20:00.902864-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468876,
"ParentPID": 6684890,
"Thread": 35651607,
"EventTime": "2021-09-08T22:20:00.776156-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:20:00.903643-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 21:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468876,
"ParentPID": 6684890,
"Thread": 35651607,
"EventTime": "2021-09-08T22:20:00.783340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:20:00.904457-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468876,
"ParentPID": 6684890,
"Thread": 35651607,
"EventTime": "2021-09-08T22:20:00.783340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:20:00.905189-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468878,
"ParentPID": 6684890,
"Thread": 48955423,
"EventTime": "2021-09-08T22:25:00.791614-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:25:01.091240-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468878,
"ParentPID": 6684890,
"Thread": 48955423,
"EventTime": "2021-09-08T22:25:00.791614-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:25:01.092071-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 21:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468878,
"ParentPID": 6684890,
"Thread": 48955423,
"EventTime": "2021-09-08T22:25:00.793342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:25:01.092825-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468878,
"ParentPID": 6684890,
"Thread": 48955423,
"EventTime": "2021-09-08T22:25:00.793342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:25:01.093603-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240758,
"ParentPID": 6684890,
"Thread": 39977135,
"EventTime": "2021-09-08T22:30:00.794132-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:30:00.985150-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9240758,
"ParentPID": 6684890,
"Thread": 39977135,
"EventTime": "2021-09-08T22:30:00.794132-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:30:00.985985-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 21:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9240758,
"ParentPID": 6684890,
"Thread": 39977135,
"EventTime": "2021-09-08T22:30:00.794132-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:30:00.986737-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9240758,
"ParentPID": 6684890,
"Thread": 39977135,
"EventTime": "2021-09-08T22:30:00.804135-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:30:00.987472-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240760,
"ParentPID": 5439688,
"Thread": 31588577,
"EventTime": "2021-09-08T22:31:51.020480-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.268727-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468882.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468882,
"ParentPID": 9240760,
"Thread": 49873075,
"EventTime": "2021-09-08T22:31:51.147671-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.269571-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468882",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223710,
"ParentPID": 11468882,
"Thread": 43778163,
"EventTime": "2021-09-08T22:31:51.177682-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.270327-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223710,
"ParentPID": 11468882,
"Thread": 43778163,
"EventTime": "2021-09-08T22:31:51.189341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.271099-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223714aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223714,
"ParentPID": 11468882,
"Thread": 43778167,
"EventTime": "2021-09-08T22:31:51.199341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.271823-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223714aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223714,
"ParentPID": 11468882,
"Thread": 43778167,
"EventTime": "2021-09-08T22:31:51.199341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.272535-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223714aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223714,
"ParentPID": 11468882,
"Thread": 43778167,
"EventTime": "2021-09-08T22:31:51.199341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.273245-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468882/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223720,
"ParentPID": 11468882,
"Thread": 43778173,
"EventTime": "2021-09-08T22:31:51.209340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.273975-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468882",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223722,
"ParentPID": 11468882,
"Thread": 43778175,
"EventTime": "2021-09-08T22:31:51.209340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.274688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468884,
"ParentPID": 9240760,
"Thread": 49873077,
"EventTime": "2021-09-08T22:31:51.219340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.275394-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468884,
"ParentPID": 9240760,
"Thread": 49873077,
"EventTime": "2021-09-08T22:31:51.219340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.276091-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240762,
"ParentPID": 5439688,
"Thread": 31588579,
"EventTime": "2021-09-08T22:31:51.626415-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.877528-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468886.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468886,
"ParentPID": 9240762,
"Thread": 49873079,
"EventTime": "2021-09-08T22:31:51.752367-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.878301-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468886",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223738,
"ParentPID": 11468886,
"Thread": 43778191,
"EventTime": "2021-09-08T22:31:51.789372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.879047-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223738,
"ParentPID": 11468886,
"Thread": 43778191,
"EventTime": "2021-09-08T22:31:51.789372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.879808-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223742aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223742,
"ParentPID": 11468886,
"Thread": 43778195,
"EventTime": "2021-09-08T22:31:51.799340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.880591-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223742aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223742,
"ParentPID": 11468886,
"Thread": 43778195,
"EventTime": "2021-09-08T22:31:51.799340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.881305-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223742aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223742,
"ParentPID": 11468886,
"Thread": 43778195,
"EventTime": "2021-09-08T22:31:51.809340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.882020-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468886/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223748,
"ParentPID": 11468886,
"Thread": 43778201,
"EventTime": "2021-09-08T22:31:51.819340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.882740-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468886",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223750,
"ParentPID": 11468886,
"Thread": 43778203,
"EventTime": "2021-09-08T22:31:51.819340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.883445-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 11468888,
"ParentPID": 9240762,
"Thread": 49873081,
"EventTime": "2021-09-08T22:31:51.819340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.884150-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468888,
"ParentPID": 9240762,
"Thread": 49873081,
"EventTime": "2021-09-08T22:31:51.819340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:51.884846-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240764,
"ParentPID": 5439688,
"Thread": 31588581,
"EventTime": "2021-09-08T22:31:52.877409-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:53.093299-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh11468890.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 11468890,
"ParentPID": 9240764,
"Thread": 49873083,
"EventTime": "2021-09-08T22:31:53.002183-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:53.094071-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.11468890",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10223766,
"ParentPID": 11468890,
"Thread": 43778219,
"EventTime": "2021-09-08T22:31:53.039344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:53.094814-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10223766,
"ParentPID": 11468890,
"Thread": 43778219,
"EventTime": "2021-09-08T22:31:53.042196-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:53.095532-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223770aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223770,
"ParentPID": 11468890,
"Thread": 43778223,
"EventTime": "2021-09-08T22:31:53.052199-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:53.096260-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223770aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223770,
"ParentPID": 11468890,
"Thread": 43778223,
"EventTime": "2021-09-08T22:31:53.052199-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:53.096971-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10223770aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10223770,
"ParentPID": 11468890,
"Thread": 43778223,
"EventTime": "2021-09-08T22:31:53.059340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:53.097685-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.11468890/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10223776,
"ParentPID": 11468890,
"Thread": 43778229,
"EventTime": "2021-09-08T22:31:53.069340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:53.098410-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.11468890",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10223778,
"ParentPID": 11468890,
"Thread": 43778231,
"EventTime": "2021-09-08T22:31:53.072205-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:53.099111-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10486008,
"ParentPID": 9240764,
"Thread": 35455207,
"EventTime": "2021-09-08T22:31:53.082209-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:53.099862-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10486008,
"ParentPID": 9240764,
"Thread": 35455207,
"EventTime": "2021-09-08T22:31:53.082209-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:53.100614-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11468892",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10223780,
"ParentPID": 11468892,
"Thread": 43778233,
"EventTime": "2021-09-08T22:31:53.089373-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:31:53.101142-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240766,
"ParentPID": 5439688,
"Thread": 39977143,
"EventTime": "2021-09-08T22:32:04.623976-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:04.835453-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240768,
"ParentPID": 5439688,
"Thread": 39977145,
"EventTime": "2021-09-08T22:32:06.010061-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:06.039792-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240770,
"ParentPID": 5439688,
"Thread": 39977147,
"EventTime": "2021-09-08T22:32:07.391765-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:07.549050-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240772,
"ParentPID": 5439688,
"Thread": 39977149,
"EventTime": "2021-09-08T22:32:08.774509-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:09.071870-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10486010.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10486010,
"ParentPID": 9240772,
"Thread": 35455209,
"EventTime": "2021-09-08T22:32:08.904837-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:09.072682-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10486010",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11468908,
"ParentPID": 10486010,
"Thread": 49873101,
"EventTime": "2021-09-08T22:32:08.934848-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:09.073418-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11468908,
"ParentPID": 10486010,
"Thread": 49873101,
"EventTime": "2021-09-08T22:32:08.944889-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:09.074148-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468912aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468912,
"ParentPID": 10486010,
"Thread": 49873105,
"EventTime": "2021-09-08T22:32:08.948340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:09.074874-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468912aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468912,
"ParentPID": 10486010,
"Thread": 49873105,
"EventTime": "2021-09-08T22:32:08.954892-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:09.075598-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468912aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468912,
"ParentPID": 10486010,
"Thread": 49873105,
"EventTime": "2021-09-08T22:32:08.954892-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:09.076313-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10486010/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11468918,
"ParentPID": 10486010,
"Thread": 49873111,
"EventTime": "2021-09-08T22:32:08.964896-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:09.077040-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10486010",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11468920,
"ParentPID": 10486010,
"Thread": 49873113,
"EventTime": "2021-09-08T22:32:08.970314-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:09.077744-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10486012,
"ParentPID": 9240772,
"Thread": 35455211,
"EventTime": "2021-09-08T22:32:08.970314-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:09.078527-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10486012,
"ParentPID": 9240772,
"Thread": 35455211,
"EventTime": "2021-09-08T22:32:08.974898-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:09.079243-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240774,
"ParentPID": 5439688,
"Thread": 39977151,
"EventTime": "2021-09-08T22:32:10.228340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:10.289196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10486014.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10486014,
"ParentPID": 9240774,
"Thread": 35455213,
"EventTime": "2021-09-08T22:32:10.368573-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:10.594212-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10486014",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11468936,
"ParentPID": 10486014,
"Thread": 49873129,
"EventTime": "2021-09-08T22:32:10.400913-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:10.595027-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11468936,
"ParentPID": 10486014,
"Thread": 49873129,
"EventTime": "2021-09-08T22:32:10.408369-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:10.595766-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468940aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468940,
"ParentPID": 10486014,
"Thread": 49873133,
"EventTime": "2021-09-08T22:32:10.408584-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:10.596490-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468940aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468940,
"ParentPID": 10486014,
"Thread": 49873133,
"EventTime": "2021-09-08T22:32:10.418587-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:10.597221-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468940aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468940,
"ParentPID": 10486014,
"Thread": 49873133,
"EventTime": "2021-09-08T22:32:10.418587-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:10.597937-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10486014/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11468946,
"ParentPID": 10486014,
"Thread": 49873139,
"EventTime": "2021-09-08T22:32:10.428590-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:10.598698-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10486014",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11468948,
"ParentPID": 10486014,
"Thread": 49873141,
"EventTime": "2021-09-08T22:32:10.428590-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:10.599507-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485760,
"ParentPID": 9240774,
"Thread": 35455215,
"EventTime": "2021-09-08T22:32:10.428590-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:10.600229-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485760,
"ParentPID": 9240774,
"Thread": 35455215,
"EventTime": "2021-09-08T22:32:10.428590-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:10.600945-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9240776,
"ParentPID": 5439688,
"Thread": 39977153,
"EventTime": "2021-09-08T22:32:11.698340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:32:11.813049-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T22:33:06.627344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:33:06.804526-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468970RyHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468970,
"ParentPID": 10485770,
"Thread": 35454983,
"EventTime": "2021-09-08T22:34:25.104341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:34:25.230624-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485778,
"ParentPID": 9240780,
"Thread": 31260757,
"EventTime": "2021-09-08T22:34:25.124341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:34:25.231380-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468994SeHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468994,
"ParentPID": 10485780,
"Thread": 35455007,
"EventTime": "2021-09-08T22:34:25.218214-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:34:25.232111-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485782,
"ParentPID": 6684890,
"Thread": 31588591,
"EventTime": "2021-09-08T22:35:00.805426-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:35:01.004219-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485782,
"ParentPID": 6684890,
"Thread": 31588591,
"EventTime": "2021-09-08T22:35:00.805426-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:35:01.005030-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 21:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485782,
"ParentPID": 6684890,
"Thread": 31588591,
"EventTime": "2021-09-08T22:35:00.805426-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:35:01.005774-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485782,
"ParentPID": 6684890,
"Thread": 31588591,
"EventTime": "2021-09-08T22:35:00.813341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:35:01.006519-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485784,
"ParentPID": 6684890,
"Thread": 47775859,
"EventTime": "2021-09-08T22:40:00.813541-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:40:00.928047-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485784,
"ParentPID": 6684890,
"Thread": 47775859,
"EventTime": "2021-09-08T22:40:00.813541-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:40:00.928817-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 21:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485784,
"ParentPID": 6684890,
"Thread": 47775859,
"EventTime": "2021-09-08T22:40:00.823543-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:40:00.929565-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485784,
"ParentPID": 6684890,
"Thread": 47775859,
"EventTime": "2021-09-08T22:40:00.823543-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:40:00.930305-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485786,
"ParentPID": 5439688,
"Thread": 40435897,
"EventTime": "2021-09-08T22:43:01.365920-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:43:01.497208-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485788,
"ParentPID": 6684890,
"Thread": 33030275,
"EventTime": "2021-09-08T22:45:00.822731-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:45:01.099063-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485788,
"ParentPID": 6684890,
"Thread": 33030275,
"EventTime": "2021-09-08T22:45:00.822731-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:45:01.099834-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 21:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485788,
"ParentPID": 6684890,
"Thread": 33030275,
"EventTime": "2021-09-08T22:45:00.832736-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:45:01.100586-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485788,
"ParentPID": 6684890,
"Thread": 33030275,
"EventTime": "2021-09-08T22:45:00.832736-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:45:01.101329-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240802Me0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240802,
"ParentPID": 11469004,
"Thread": 31195201,
"EventTime": "2021-09-08T22:49:25.345840-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:49:25.514218-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11469012,
"ParentPID": 10485790,
"Thread": 44105867,
"EventTime": "2021-09-08T22:49:25.363409-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:49:25.515038-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240826MM0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240826,
"ParentPID": 11469014,
"Thread": 31195225,
"EventTime": "2021-09-08T22:49:25.453447-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:49:25.515768-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469016,
"ParentPID": 6684890,
"Thread": 47775879,
"EventTime": "2021-09-08T22:50:00.840271-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:50:00.967060-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469016,
"ParentPID": 6684890,
"Thread": 47775879,
"EventTime": "2021-09-08T22:50:00.840271-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:50:00.968003-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 21:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469016,
"ParentPID": 6684890,
"Thread": 47775879,
"EventTime": "2021-09-08T22:50:00.842340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:50:00.968795-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469016,
"ParentPID": 6684890,
"Thread": 47775879,
"EventTime": "2021-09-08T22:50:00.842340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:50:00.969541-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469018,
"ParentPID": 6684890,
"Thread": 29425723,
"EventTime": "2021-09-08T22:55:00.849877-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:55:01.111436-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469018,
"ParentPID": 6684890,
"Thread": 29425723,
"EventTime": "2021-09-08T22:55:00.849877-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:55:01.112270-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 21:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469018,
"ParentPID": 6684890,
"Thread": 29425723,
"EventTime": "2021-09-08T22:55:00.849877-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:55:01.113047-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469018,
"ParentPID": 6684890,
"Thread": 29425723,
"EventTime": "2021-09-08T22:55:00.849877-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T22:55:01.113836-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469020,
"ParentPID": 6684890,
"Thread": 46727271,
"EventTime": "2021-09-08T23:00:00.859020-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:00:00.959787-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469020,
"ParentPID": 6684890,
"Thread": 46727271,
"EventTime": "2021-09-08T23:00:00.859020-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:00:00.960560-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 22:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469020,
"ParentPID": 6684890,
"Thread": 46727271,
"EventTime": "2021-09-08T23:00:00.859020-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:00:00.961319-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469020,
"ParentPID": 6684890,
"Thread": 46727271,
"EventTime": "2021-09-08T23:00:00.862340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:00:00.962051-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10485792",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9240828,
"ParentPID": 10485792,
"Thread": 46530625,
"EventTime": "2021-09-08T23:00:00.879026-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:00:00.962642-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240594GM0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240594,
"ParentPID": 11469032,
"Thread": 47579279,
"EventTime": "2021-09-08T23:04:25.583341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:04:25.701445-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11469040,
"ParentPID": 10485798,
"Thread": 47644783,
"EventTime": "2021-09-08T23:04:25.603340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:04:25.702219-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009240618H30qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240618,
"ParentPID": 11469042,
"Thread": 47579303,
"EventTime": "2021-09-08T23:04:25.693341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:04:25.702955-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469044,
"ParentPID": 6684890,
"Thread": 49872919,
"EventTime": "2021-09-08T23:05:00.882340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:05:01.169556-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469044,
"ParentPID": 6684890,
"Thread": 49872919,
"EventTime": "2021-09-08T23:05:00.882340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:05:01.170385-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 22:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469044,
"ParentPID": 6684890,
"Thread": 49872919,
"EventTime": "2021-09-08T23:05:00.882340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:05:01.171141-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469044,
"ParentPID": 6684890,
"Thread": 49872919,
"EventTime": "2021-09-08T23:05:00.882340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:05:01.171870-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469046,
"ParentPID": 6684890,
"Thread": 37028067,
"EventTime": "2021-09-08T23:10:00.892340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:10:01.020842-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469046,
"ParentPID": 6684890,
"Thread": 37028067,
"EventTime": "2021-09-08T23:10:00.892340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:10:01.021675-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 22:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469046,
"ParentPID": 6684890,
"Thread": 37028067,
"EventTime": "2021-09-08T23:10:00.892340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:10:01.022463-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469046,
"ParentPID": 6684890,
"Thread": 37028067,
"EventTime": "2021-09-08T23:10:00.892340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:10:01.023212-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469048,
"ParentPID": 6684890,
"Thread": 39518327,
"EventTime": "2021-09-08T23:15:00.901340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:15:00.917895-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469048,
"ParentPID": 6684890,
"Thread": 39518327,
"EventTime": "2021-09-08T23:15:00.901340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:15:00.918661-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 22:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469048,
"ParentPID": 6684890,
"Thread": 39518327,
"EventTime": "2021-09-08T23:15:00.901340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:15:00.919407-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469048,
"ParentPID": 6684890,
"Thread": 39518327,
"EventTime": "2021-09-08T23:15:00.901340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:15:00.920177-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636340B3v7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636340,
"ParentPID": 4718776,
"Thread": 42795023,
"EventTime": "2021-09-08T23:19:25.823344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:19:25.941281-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 4718784,
"ParentPID": 11469050,
"Thread": 47644821,
"EventTime": "2021-09-08T23:19:25.843340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:19:25.942050-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636108Civ7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636108,
"ParentPID": 4718786,
"Thread": 42795047,
"EventTime": "2021-09-08T23:19:25.939131-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:19:26.244187-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469052,
"ParentPID": 6684890,
"Thread": 30736615,
"EventTime": "2021-09-08T23:20:00.911340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:20:01.115124-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469052,
"ParentPID": 6684890,
"Thread": 30736615,
"EventTime": "2021-09-08T23:20:00.911340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:20:01.115950-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 22:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469052,
"ParentPID": 6684890,
"Thread": 30736615,
"EventTime": "2021-09-08T23:20:00.911340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:20:01.116702-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469052,
"ParentPID": 6684890,
"Thread": 30736615,
"EventTime": "2021-09-08T23:20:00.913711-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:20:01.117440-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469054,
"ParentPID": 6684890,
"Thread": 38404253,
"EventTime": "2021-09-08T23:25:00.912252-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:25:00.922164-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11469054,
"ParentPID": 6684890,
"Thread": 38404253,
"EventTime": "2021-09-08T23:25:00.912252-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:25:00.922683-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 22:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11469054,
"ParentPID": 6684890,
"Thread": 38404253,
"EventTime": "2021-09-08T23:25:00.912252-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:25:00.923150-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11469054,
"ParentPID": 6684890,
"Thread": 38404253,
"EventTime": "2021-09-08T23:25:00.912252-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:25:00.923611-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636112,
"ParentPID": 6684890,
"Thread": 48955441,
"EventTime": "2021-09-08T23:30:00.920357-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:30:01.041691-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636112,
"ParentPID": 6684890,
"Thread": 48955441,
"EventTime": "2021-09-08T23:30:00.920357-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:30:01.042534-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 22:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636112,
"ParentPID": 6684890,
"Thread": 48955441,
"EventTime": "2021-09-08T23:30:00.920357-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:30:01.043289-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636112,
"ParentPID": 6684890,
"Thread": 48955441,
"EventTime": "2021-09-08T23:30:00.920357-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:30:01.044028-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-08T23:33:06.506451-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:33:06.756272-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00092406427e0qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9240642,
"ParentPID": 11468810,
"Thread": 36175925,
"EventTime": "2021-09-08T23:34:26.062365-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:34:26.118659-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468818,
"ParentPID": 5636116,
"Thread": 47775919,
"EventTime": "2021-09-08T23:34:26.076537-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:34:26.119421-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00104858267QEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485826,
"ParentPID": 11010284,
"Thread": 46530667,
"EventTime": "2021-09-08T23:34:26.176570-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:34:26.423186-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636118,
"ParentPID": 6684890,
"Thread": 20840453,
"EventTime": "2021-09-08T23:35:00.934142-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:35:00.985845-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636118,
"ParentPID": 6684890,
"Thread": 20840453,
"EventTime": "2021-09-08T23:35:00.934142-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:35:00.986616-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 22:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636118,
"ParentPID": 6684890,
"Thread": 20840453,
"EventTime": "2021-09-08T23:35:00.934142-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:35:00.987364-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636118,
"ParentPID": 6684890,
"Thread": 20840453,
"EventTime": "2021-09-08T23:35:00.938998-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:35:00.988093-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636120,
"ParentPID": 5439688,
"Thread": 42336341,
"EventTime": "2021-09-08T23:38:13.984340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:14.196068-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485828.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485828,
"ParentPID": 5636120,
"Thread": 45547645,
"EventTime": "2021-09-08T23:38:14.114340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:14.196837-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485828",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9371888,
"ParentPID": 10485828,
"Thread": 38928533,
"EventTime": "2021-09-08T23:38:14.144340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:14.197567-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9371888,
"ParentPID": 10485828,
"Thread": 38928533,
"EventTime": "2021-09-08T23:38:14.154886-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:14.198280-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371892aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371892,
"ParentPID": 10485828,
"Thread": 38928537,
"EventTime": "2021-09-08T23:38:14.161280-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:14.199009-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371892aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371892,
"ParentPID": 10485828,
"Thread": 38928537,
"EventTime": "2021-09-08T23:38:14.164340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:14.199720-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371892aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371892,
"ParentPID": 10485828,
"Thread": 38928537,
"EventTime": "2021-09-08T23:38:14.164340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:14.200440-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485828/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9371894,
"ParentPID": 10485828,
"Thread": 38928539,
"EventTime": "2021-09-08T23:38:14.174341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:14.201168-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485828",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9371896,
"ParentPID": 10485828,
"Thread": 38928541,
"EventTime": "2021-09-08T23:38:14.174341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:14.201882-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485830,
"ParentPID": 5636120,
"Thread": 45547647,
"EventTime": "2021-09-08T23:38:14.184340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:14.202596-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485830,
"ParentPID": 5636120,
"Thread": 45547647,
"EventTime": "2021-09-08T23:38:14.184340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:14.203298-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636122,
"ParentPID": 5439688,
"Thread": 42336343,
"EventTime": "2021-09-08T23:38:14.824340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:15.106918-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485832.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485832,
"ParentPID": 5636122,
"Thread": 45547649,
"EventTime": "2021-09-08T23:38:14.955494-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:15.107724-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485832",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9371656,
"ParentPID": 10485832,
"Thread": 38928557,
"EventTime": "2021-09-08T23:38:14.984340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:15.108446-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9371656,
"ParentPID": 10485832,
"Thread": 38928557,
"EventTime": "2021-09-08T23:38:14.995498-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:15.109166-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371660aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371660,
"ParentPID": 10485832,
"Thread": 38928561,
"EventTime": "2021-09-08T23:38:15.005507-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:15.109884-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371660aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371660,
"ParentPID": 10485832,
"Thread": 38928561,
"EventTime": "2021-09-08T23:38:15.005507-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:15.110588-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371660aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371660,
"ParentPID": 10485832,
"Thread": 38928561,
"EventTime": "2021-09-08T23:38:15.005507-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:15.111291-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10223640",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8978632,
"ParentPID": 10223640,
"Thread": 36831323,
"EventTime": "2021-09-08T23:38:15.024341-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:15.111830-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485832/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9371666,
"ParentPID": 10485832,
"Thread": 38928567,
"EventTime": "2021-09-08T23:38:15.024341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:15.112530-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485832",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9371668,
"ParentPID": 10485832,
"Thread": 38928569,
"EventTime": "2021-09-08T23:38:15.034407-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:15.113236-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485834,
"ParentPID": 5636122,
"Thread": 45547651,
"EventTime": "2021-09-08T23:38:15.034407-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:15.113967-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485834,
"ParentPID": 5636122,
"Thread": 45547651,
"EventTime": "2021-09-08T23:38:15.034407-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:38:15.114688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636124,
"ParentPID": 6684890,
"Thread": 42336351,
"EventTime": "2021-09-08T23:40:00.941339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:40:01.187777-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636124,
"ParentPID": 6684890,
"Thread": 42336351,
"EventTime": "2021-09-08T23:40:00.941339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:40:01.188300-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 22:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636124,
"ParentPID": 6684890,
"Thread": 42336351,
"EventTime": "2021-09-08T23:40:00.941339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:40:01.188771-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636124,
"ParentPID": 6684890,
"Thread": 42336351,
"EventTime": "2021-09-08T23:40:00.941339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:40:01.189230-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636126,
"ParentPID": 6684890,
"Thread": 32047165,
"EventTime": "2021-09-08T23:45:00.945536-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:45:00.956097-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636126,
"ParentPID": 6684890,
"Thread": 32047165,
"EventTime": "2021-09-08T23:45:00.945536-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:45:00.956576-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 22:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636126,
"ParentPID": 6684890,
"Thread": 32047165,
"EventTime": "2021-09-08T23:45:00.945536-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:45:00.957040-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636126,
"ParentPID": 6684890,
"Thread": 32047165,
"EventTime": "2021-09-08T23:45:00.945536-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:45:00.957496-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 5636128,
"ParentPID": 5439688,
"Thread": 20840471,
"EventTime": "2021-09-08T23:47:12.346339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:47:12.524158-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371690170Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371690,
"ParentPID": 10485844,
"Thread": 32964613,
"EventTime": "2021-09-08T23:49:26.252339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:49:26.478297-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485852,
"ParentPID": 5636130,
"Thread": 49479723,
"EventTime": "2021-09-08T23:49:26.262340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:49:26.478811-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00093717141Y0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371714,
"ParentPID": 10485854,
"Thread": 32964637,
"EventTime": "2021-09-08T23:49:26.322340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:49:26.479272-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636132,
"ParentPID": 6684890,
"Thread": 35651639,
"EventTime": "2021-09-08T23:50:00.948638-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:50:01.029314-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636132,
"ParentPID": 6684890,
"Thread": 35651639,
"EventTime": "2021-09-08T23:50:00.948638-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:50:01.029826-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 22:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636132,
"ParentPID": 6684890,
"Thread": 35651639,
"EventTime": "2021-09-08T23:50:00.948638-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:50:01.030296-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636132,
"ParentPID": 6684890,
"Thread": 35651639,
"EventTime": "2021-09-08T23:50:00.948638-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:50:01.030775-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636134,
"ParentPID": 6684890,
"Thread": 20840489,
"EventTime": "2021-09-08T23:55:00.951895-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:55:01.131242-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636134,
"ParentPID": 6684890,
"Thread": 20840489,
"EventTime": "2021-09-08T23:55:00.951895-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:55:01.132103-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 22:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636134,
"ParentPID": 6684890,
"Thread": 20840489,
"EventTime": "2021-09-08T23:55:00.951895-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:55:01.132887-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636134,
"ParentPID": 6684890,
"Thread": 20840489,
"EventTime": "2021-09-08T23:55:00.951895-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-08T23:55:01.133629-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636136,
"ParentPID": 6684890,
"Thread": 38863019,
"EventTime": "2021-09-09T00:00:00.961796-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:00:01.202407-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636136,
"ParentPID": 6684890,
"Thread": 38863019,
"EventTime": "2021-09-09T00:00:00.961796-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:00:01.202921-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 23:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636136,
"ParentPID": 6684890,
"Thread": 38863019,
"EventTime": "2021-09-09T00:00:00.961796-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:00:01.203388-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636136,
"ParentPID": 6684890,
"Thread": 38863019,
"EventTime": "2021-09-09T00:00:00.961796-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:00:01.203841-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371736uA0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371736,
"ParentPID": 5636148,
"Thread": 34209909,
"EventTime": "2021-09-09T00:04:26.394501-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:04:26.444991-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636156,
"ParentPID": 10485860,
"Thread": 28377319,
"EventTime": "2021-09-09T00:04:26.404504-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:04:26.445465-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371760ve0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371760,
"ParentPID": 5636158,
"Thread": 34209933,
"EventTime": "2021-09-09T00:04:26.471831-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:04:26.751861-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485862,
"ParentPID": 6684890,
"Thread": 36897013,
"EventTime": "2021-09-09T00:05:00.964067-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:05:01.014705-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485862,
"ParentPID": 6684890,
"Thread": 36897013,
"EventTime": "2021-09-09T00:05:00.964067-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:05:01.015219-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 23:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485862,
"ParentPID": 6684890,
"Thread": 36897013,
"EventTime": "2021-09-09T00:05:00.964067-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:05:01.015685-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485862,
"ParentPID": 6684890,
"Thread": 36897013,
"EventTime": "2021-09-09T00:05:00.964067-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:05:01.016141-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485864,
"ParentPID": 5439688,
"Thread": 36897015,
"EventTime": "2021-09-09T00:05:29.499339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:05:29.560993-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485866,
"ParentPID": 5439688,
"Thread": 36897017,
"EventTime": "2021-09-09T00:05:30.589339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:05:30.765723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485868,
"ParentPID": 5439688,
"Thread": 36897019,
"EventTime": "2021-09-09T00:05:30.867232-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:05:31.068011-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485870,
"ParentPID": 5439688,
"Thread": 36897021,
"EventTime": "2021-09-09T00:05:31.029339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:05:31.068520-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485872,
"ParentPID": 5439688,
"Thread": 36897023,
"EventTime": "2021-09-09T00:05:31.306150-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:05:31.369908-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485874,
"ParentPID": 5439688,
"Thread": 36896769,
"EventTime": "2021-09-09T00:05:31.589339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:05:31.677336-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485876,
"ParentPID": 5439688,
"Thread": 36896771,
"EventTime": "2021-09-09T00:05:31.867852-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:05:31.979853-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485878,
"ParentPID": 5439688,
"Thread": 36896773,
"EventTime": "2021-09-09T00:05:32.137623-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:05:32.288376-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485880,
"ParentPID": 5439688,
"Thread": 36896775,
"EventTime": "2021-09-09T00:05:32.409339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:05:32.589841-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485882,
"ParentPID": 5439688,
"Thread": 36896777,
"EventTime": "2021-09-09T00:05:32.679339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:05:32.899517-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485884,
"ParentPID": 6684890,
"Thread": 38731893,
"EventTime": "2021-09-09T00:10:00.963350-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:10:01.134244-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485884,
"ParentPID": 6684890,
"Thread": 38731893,
"EventTime": "2021-09-09T00:10:00.963350-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:10:01.134757-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 23:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485884,
"ParentPID": 6684890,
"Thread": 38731893,
"EventTime": "2021-09-09T00:10:00.970340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:10:01.135221-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485884,
"ParentPID": 6684890,
"Thread": 38731893,
"EventTime": "2021-09-09T00:10:00.970340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:10:01.135676-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485886,
"ParentPID": 6684890,
"Thread": 36307155,
"EventTime": "2021-09-09T00:15:00.970340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:15:01.191967-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485886,
"ParentPID": 6684890,
"Thread": 36307155,
"EventTime": "2021-09-09T00:15:00.970340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:15:01.192479-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 23:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485886,
"ParentPID": 6684890,
"Thread": 36307155,
"EventTime": "2021-09-09T00:15:00.970340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:15:01.192943-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485886,
"ParentPID": 6684890,
"Thread": 36307155,
"EventTime": "2021-09-09T00:15:00.970340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:15:01.193398-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371782oU0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371782,
"ParentPID": 5636168,
"Thread": 29425765,
"EventTime": "2021-09-09T00:19:26.581372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:19:26.785055-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636176,
"ParentPID": 10485888,
"Thread": 48496889,
"EventTime": "2021-09-09T00:19:26.599409-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:19:26.785861-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09371784",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10223674,
"ParentPID": 9371784,
"Thread": 45678683,
"EventTime": "2021-09-09T00:19:26.621341-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:19:26.786411-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371806pI0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371806,
"ParentPID": 11468822,
"Thread": 29425789,
"EventTime": "2021-09-09T00:19:26.703963-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:19:26.787135-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485890,
"ParentPID": 6684890,
"Thread": 38731913,
"EventTime": "2021-09-09T00:20:00.976474-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:20:01.047479-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485890,
"ParentPID": 6684890,
"Thread": 38731913,
"EventTime": "2021-09-09T00:20:00.976474-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:20:01.048288-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 23:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485890,
"ParentPID": 6684890,
"Thread": 38731913,
"EventTime": "2021-09-09T00:20:00.979340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:20:01.049030-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485890,
"ParentPID": 6684890,
"Thread": 38731913,
"EventTime": "2021-09-09T00:20:00.979340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:20:01.049781-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485892,
"ParentPID": 6684890,
"Thread": 44630023,
"EventTime": "2021-09-09T00:25:00.987801-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:25:01.209263-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485892,
"ParentPID": 6684890,
"Thread": 44630023,
"EventTime": "2021-09-09T00:25:00.987801-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:25:01.210086-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 23:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485892,
"ParentPID": 6684890,
"Thread": 44630023,
"EventTime": "2021-09-09T00:25:00.989340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:25:01.210891-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485892,
"ParentPID": 6684890,
"Thread": 44630023,
"EventTime": "2021-09-09T00:25:00.989340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:25:01.211632-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223684,
"ParentPID": 6684890,
"Thread": 48562229,
"EventTime": "2021-09-09T00:30:00.990404-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:30:01.184393-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223684,
"ParentPID": 6684890,
"Thread": 48562229,
"EventTime": "2021-09-09T00:30:00.990404-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:30:01.185165-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 23:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223684,
"ParentPID": 6684890,
"Thread": 48562229,
"EventTime": "2021-09-09T00:30:00.990404-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:30:01.185918-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223684,
"ParentPID": 6684890,
"Thread": 48562229,
"EventTime": "2021-09-09T00:30:01.000408-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:30:01.186659-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223686,
"ParentPID": 5439688,
"Thread": 28704987,
"EventTime": "2021-09-09T00:31:08.417136-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:08.490795-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485896.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485896,
"ParentPID": 10223686,
"Thread": 40370329,
"EventTime": "2021-09-09T00:31:08.547495-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:08.798866-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485896",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11010108,
"ParentPID": 10485896,
"Thread": 44957799,
"EventTime": "2021-09-09T00:31:08.577505-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:08.799671-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11010108,
"ParentPID": 10485896,
"Thread": 44957799,
"EventTime": "2021-09-09T00:31:08.588094-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:08.800404-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010112aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010112,
"ParentPID": 10485896,
"Thread": 44957803,
"EventTime": "2021-09-09T00:31:08.597511-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:08.801120-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010112aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010112,
"ParentPID": 10485896,
"Thread": 44957803,
"EventTime": "2021-09-09T00:31:08.597511-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:08.801844-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010112aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010112,
"ParentPID": 10485896,
"Thread": 44957803,
"EventTime": "2021-09-09T00:31:08.597511-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:08.802551-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485896/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11010114,
"ParentPID": 10485896,
"Thread": 44957805,
"EventTime": "2021-09-09T00:31:08.607516-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:08.803265-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485896",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11010116,
"ParentPID": 10485896,
"Thread": 44957807,
"EventTime": "2021-09-09T00:31:08.607516-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:08.803990-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485898,
"ParentPID": 10223686,
"Thread": 40370331,
"EventTime": "2021-09-09T00:31:08.617520-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:08.804701-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485898,
"ParentPID": 10223686,
"Thread": 40370331,
"EventTime": "2021-09-09T00:31:08.617520-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:08.805411-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223688,
"ParentPID": 5439688,
"Thread": 28704989,
"EventTime": "2021-09-09T00:31:09.340471-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:09.410483-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485900.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485900,
"ParentPID": 10223688,
"Thread": 40370333,
"EventTime": "2021-09-09T00:31:09.469861-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:09.718210-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485900",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11010132,
"ParentPID": 10485900,
"Thread": 44957823,
"EventTime": "2021-09-09T00:31:09.507365-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:09.719017-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11010132,
"ParentPID": 10485900,
"Thread": 44957823,
"EventTime": "2021-09-09T00:31:09.511470-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:09.719752-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010136aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010136,
"ParentPID": 10485900,
"Thread": 44957827,
"EventTime": "2021-09-09T00:31:09.522861-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:09.720510-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010136aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010136,
"ParentPID": 10485900,
"Thread": 44957827,
"EventTime": "2021-09-09T00:31:09.522861-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:09.721240-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010136aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010136,
"ParentPID": 10485900,
"Thread": 44957827,
"EventTime": "2021-09-09T00:31:09.527342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:09.721954-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485900/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11010142,
"ParentPID": 10485900,
"Thread": 44957833,
"EventTime": "2021-09-09T00:31:09.537340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:09.722666-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485900",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11010144,
"ParentPID": 10485900,
"Thread": 44957835,
"EventTime": "2021-09-09T00:31:09.540620-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:09.723397-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485902,
"ParentPID": 10223688,
"Thread": 40370335,
"EventTime": "2021-09-09T00:31:09.540620-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:09.724137-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485902,
"ParentPID": 10223688,
"Thread": 40370335,
"EventTime": "2021-09-09T00:31:09.540620-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:09.724851-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223690,
"ParentPID": 5439688,
"Thread": 28704991,
"EventTime": "2021-09-09T00:31:10.957340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:11.235176-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485904.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485904,
"ParentPID": 10223690,
"Thread": 40370337,
"EventTime": "2021-09-09T00:31:11.092420-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:11.235987-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485904",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11010160,
"ParentPID": 10485904,
"Thread": 44957851,
"EventTime": "2021-09-09T00:31:11.124720-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:11.236724-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11010160,
"ParentPID": 10485904,
"Thread": 44957851,
"EventTime": "2021-09-09T00:31:11.127341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:11.237486-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010164aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010164,
"ParentPID": 10485904,
"Thread": 44957855,
"EventTime": "2021-09-09T00:31:11.137404-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:11.238291-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010164aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010164,
"ParentPID": 10485904,
"Thread": 44957855,
"EventTime": "2021-09-09T00:31:11.137404-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:11.239067-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010164aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010164,
"ParentPID": 10485904,
"Thread": 44957855,
"EventTime": "2021-09-09T00:31:11.144084-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:11.239790-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485904/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11010166,
"ParentPID": 10485904,
"Thread": 44957857,
"EventTime": "2021-09-09T00:31:11.154087-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:11.240528-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485904",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11010168,
"ParentPID": 10485904,
"Thread": 44957859,
"EventTime": "2021-09-09T00:31:11.157372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:11.241236-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485906,
"ParentPID": 10223690,
"Thread": 40370339,
"EventTime": "2021-09-09T00:31:11.157372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:11.241949-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485906,
"ParentPID": 10223690,
"Thread": 40370339,
"EventTime": "2021-09-09T00:31:11.157372-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:11.242651-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223692,
"ParentPID": 5439688,
"Thread": 28704993,
"EventTime": "2021-09-09T00:31:22.714314-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:22.963305-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223694,
"ParentPID": 5439688,
"Thread": 28704995,
"EventTime": "2021-09-09T00:31:24.096340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:24.169148-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223696,
"ParentPID": 5439688,
"Thread": 28704997,
"EventTime": "2021-09-09T00:31:25.476340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:25.683247-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223698,
"ParentPID": 5439688,
"Thread": 28704999,
"EventTime": "2021-09-09T00:31:26.859353-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:26.896707-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485908.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485908,
"ParentPID": 10223698,
"Thread": 40370341,
"EventTime": "2021-09-09T00:31:26.986340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:27.207224-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485908",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11010184,
"ParentPID": 10485908,
"Thread": 44957875,
"EventTime": "2021-09-09T00:31:27.016340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:27.208048-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11010184,
"ParentPID": 10485908,
"Thread": 44957875,
"EventTime": "2021-09-09T00:31:27.026340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:27.208788-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010188aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010188,
"ParentPID": 10485908,
"Thread": 44957879,
"EventTime": "2021-09-09T00:31:27.036340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:27.209511-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010188aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010188,
"ParentPID": 10485908,
"Thread": 44957879,
"EventTime": "2021-09-09T00:31:27.036340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:27.210234-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010188aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010188,
"ParentPID": 10485908,
"Thread": 44957879,
"EventTime": "2021-09-09T00:31:27.036340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:27.210948-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485908/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11010190,
"ParentPID": 10485908,
"Thread": 44957881,
"EventTime": "2021-09-09T00:31:27.046340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:27.211664-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485908",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11010192,
"ParentPID": 10485908,
"Thread": 44957883,
"EventTime": "2021-09-09T00:31:27.056375-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:27.212393-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485910,
"ParentPID": 10223698,
"Thread": 40370343,
"EventTime": "2021-09-09T00:31:27.056375-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:27.213101-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485910,
"ParentPID": 10223698,
"Thread": 40370343,
"EventTime": "2021-09-09T00:31:27.056375-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:27.213805-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11010194",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9044156,
"ParentPID": 11010194,
"Thread": 45678749,
"EventTime": "2021-09-09T00:31:27.066340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:27.214329-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223700,
"ParentPID": 5439688,
"Thread": 28705001,
"EventTime": "2021-09-09T00:31:28.319478-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:28.417194-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485912.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485912,
"ParentPID": 10223700,
"Thread": 40370345,
"EventTime": "2021-09-09T00:31:28.449817-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:28.719304-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485912",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11010210,
"ParentPID": 10485912,
"Thread": 44957901,
"EventTime": "2021-09-09T00:31:28.479828-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:28.720118-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11010210,
"ParentPID": 10485912,
"Thread": 44957901,
"EventTime": "2021-09-09T00:31:28.489831-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:28.720839-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010214aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010214,
"ParentPID": 10485912,
"Thread": 44957905,
"EventTime": "2021-09-09T00:31:28.499835-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:28.721556-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010214aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010214,
"ParentPID": 10485912,
"Thread": 44957905,
"EventTime": "2021-09-09T00:31:28.499835-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:28.722261-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11010214aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11010214,
"ParentPID": 10485912,
"Thread": 44957905,
"EventTime": "2021-09-09T00:31:28.499835-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:28.722969-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485912/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11010216,
"ParentPID": 10485912,
"Thread": 44957907,
"EventTime": "2021-09-09T00:31:28.511034-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:28.723685-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485912",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11010218,
"ParentPID": 10485912,
"Thread": 44957909,
"EventTime": "2021-09-09T00:31:28.518301-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:28.724404-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485914,
"ParentPID": 10223700,
"Thread": 40370347,
"EventTime": "2021-09-09T00:31:28.519842-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:28.725122-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485914,
"ParentPID": 10223700,
"Thread": 40370347,
"EventTime": "2021-09-09T00:31:28.519842-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:28.725828-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223702,
"ParentPID": 5439688,
"Thread": 28705003,
"EventTime": "2021-09-09T00:31:29.783259-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:31:29.934573-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-09T00:33:06.378851-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:33:06.412160-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010240jEGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010240,
"ParentPID": 10485924,
"Thread": 35586119,
"EventTime": "2021-09-09T00:34:26.828822-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:34:26.972209-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485932,
"ParentPID": 10223706,
"Thread": 49152145,
"EventTime": "2021-09-09T00:34:26.842515-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:34:26.973020-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010264kyGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010264,
"ParentPID": 10485934,
"Thread": 35586143,
"EventTime": "2021-09-09T00:34:26.942933-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:34:26.973756-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485936,
"ParentPID": 6684890,
"Thread": 28705013,
"EventTime": "2021-09-09T00:35:00.001484-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:35:00.035382-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485936,
"ParentPID": 6684890,
"Thread": 28705013,
"EventTime": "2021-09-09T00:35:00.001484-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:35:00.036155-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 23:34:59 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485936,
"ParentPID": 6684890,
"Thread": 28705013,
"EventTime": "2021-09-09T00:35:00.009340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:35:00.036911-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485936,
"ParentPID": 6684890,
"Thread": 28705013,
"EventTime": "2021-09-09T00:35:00.009340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:35:00.037649-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485938,
"ParentPID": 6684890,
"Thread": 40173693,
"EventTime": "2021-09-09T00:40:00.010319-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:40:00.292932-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485938,
"ParentPID": 6684890,
"Thread": 40173693,
"EventTime": "2021-09-09T00:40:00.010319-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:40:00.293700-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 23:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485938,
"ParentPID": 6684890,
"Thread": 40173693,
"EventTime": "2021-09-09T00:40:00.019341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:40:00.294446-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485938,
"ParentPID": 6684890,
"Thread": 40173693,
"EventTime": "2021-09-09T00:40:00.020321-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:40:00.295172-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485940,
"ParentPID": 5439688,
"Thread": 40173701,
"EventTime": "2021-09-09T00:42:30.123340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:42:30.209653-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485942,
"ParentPID": 6684890,
"Thread": 39518373,
"EventTime": "2021-09-09T00:45:00.026683-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:45:00.187960-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485942,
"ParentPID": 6684890,
"Thread": 39518373,
"EventTime": "2021-09-09T00:45:00.026683-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:45:00.188818-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 23:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485942,
"ParentPID": 6684890,
"Thread": 39518373,
"EventTime": "2021-09-09T00:45:00.028340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:45:00.189625-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485942,
"ParentPID": 6684890,
"Thread": 39518373,
"EventTime": "2021-09-09T00:45:00.028340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:45:00.190364-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010286euGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010286,
"ParentPID": 10223716,
"Thread": 32768037,
"EventTime": "2021-09-09T00:49:27.063060-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:49:27.356136-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10223724,
"ParentPID": 10485944,
"Thread": 44105939,
"EventTime": "2021-09-09T00:49:27.083065-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:49:27.356897-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010054feGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010054,
"ParentPID": 10223726,
"Thread": 32768061,
"EventTime": "2021-09-09T00:49:27.181354-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:49:27.357635-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485946,
"ParentPID": 6684890,
"Thread": 49152171,
"EventTime": "2021-09-09T00:50:00.035141-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:50:00.132672-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485946,
"ParentPID": 6684890,
"Thread": 49152171,
"EventTime": "2021-09-09T00:50:00.035141-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:50:00.133491-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 23:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485946,
"ParentPID": 6684890,
"Thread": 49152171,
"EventTime": "2021-09-09T00:50:00.038340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:50:00.134236-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485946,
"ParentPID": 6684890,
"Thread": 49152171,
"EventTime": "2021-09-09T00:50:00.038340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:50:00.134971-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485948,
"ParentPID": 6684890,
"Thread": 43384939,
"EventTime": "2021-09-09T00:55:00.052192-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.280558-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485948,
"ParentPID": 6684890,
"Thread": 43384939,
"EventTime": "2021-09-09T00:55:00.052192-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.281317-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /var/perf/pm/bin/pmcfg >/dev/null 2>&1 #Enable PM Data Collection time = Wed Aug 18 23:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485948,
"ParentPID": 6684890,
"Thread": 43384939,
"EventTime": "2021-09-09T00:55:00.052192-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.282063-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485948,
"ParentPID": 6684890,
"Thread": 43384939,
"EventTime": "2021-09-09T00:55:00.052192-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.282799-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468826,
"ParentPID": 6684890,
"Thread": 32768065,
"EventTime": "2021-09-09T00:55:00.059379-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.283530-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468826,
"ParentPID": 6684890,
"Thread": 32768065,
"EventTime": "2021-09-09T00:55:00.059379-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.284237-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Wed Aug 18 23:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468826,
"ParentPID": 6684890,
"Thread": 32768065,
"EventTime": "2021-09-09T00:55:00.059379-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.284956-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468826,
"ParentPID": 6684890,
"Thread": 32768065,
"EventTime": "2021-09-09T00:55:00.062535-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.285683-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/perf/daily/persistent.db",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "topasout",
"PID": 11468828,
"ParentPID": 9371822,
"Thread": 32768067,
"EventTime": "2021-09-09T00:55:00.123888-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.286390-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /var/perf/pm/daily",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "find",
"PID": 9371828,
"ParentPID": 10485948,
"Thread": 37421125,
"EventTime": "2021-09-09T00:55:00.142220-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.287099-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: p1220-pvm1",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "find",
"PID": 9371828,
"ParentPID": 10485948,
"Thread": 37421125,
"EventTime": "2021-09-09T00:55:00.142220-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.287800-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: ..",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "find",
"PID": 9371828,
"ParentPID": 10485948,
"Thread": 37421125,
"EventTime": "2021-09-09T00:55:00.142220-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.288545-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/perf/pm/daily/p1220-pvm1/pm_meminfo.2021.08.14.Sat",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 5636182,
"ParentPID": 11468832,
"Thread": 30998723,
"EventTime": "2021-09-09T00:55:00.152223-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.289270-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/perf/pm/daily/p1220-pvm1/pm_process.2021.08.15.Sun",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 5636182,
"ParentPID": 11468832,
"Thread": 30998723,
"EventTime": "2021-09-09T00:55:00.152223-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.290030-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/perf/daily/persistent.db",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "topasout",
"PID": 11010056,
"ParentPID": 9371836,
"Thread": 32047199,
"EventTime": "2021-09-09T00:55:00.214774-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.290733-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8978440,
"ParentPID": 8192140,
"Thread": 39518385,
"EventTime": "2021-09-09T00:55:00.252255-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.291442-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8978442,
"ParentPID": 8192142,
"Thread": 39518387,
"EventTime": "2021-09-09T00:55:00.268341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T00:55:00.292142-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485950,
"ParentPID": 6684890,
"Thread": 44826655,
"EventTime": "2021-09-09T01:00:00.310030-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:00:00.489213-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485950,
"ParentPID": 6684890,
"Thread": 44826655,
"EventTime": "2021-09-09T01:00:00.310030-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:00:00.490022-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 00:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485950,
"ParentPID": 6684890,
"Thread": 44826655,
"EventTime": "2021-09-09T01:00:00.318340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:00:00.490772-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485950,
"ParentPID": 6684890,
"Thread": 44826655,
"EventTime": "2021-09-09T01:00:00.318989-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:00:00.491498-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10485952",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9371840,
"ParentPID": 10485952,
"Thread": 35586155,
"EventTime": "2021-09-09T01:00:00.340089-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:00:00.492045-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /etc/perf/daily/persistent_local",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "topasrec",
"PID": 5308582,
"ParentPID": 1,
"Thread": 20316271,
"EventTime": "2021-09-09T01:00:27.193637-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:00:27.242385-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010080-aGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010080,
"ParentPID": 10485964,
"Thread": 44957697,
"EventTime": "2021-09-09T01:04:27.304496-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:04:27.550206-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485972,
"ParentPID": 9371846,
"Thread": 33554595,
"EventTime": "2021-09-09T01:04:27.319340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:04:27.551009-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485994-MEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485994,
"ParentPID": 9240664,
"Thread": 33554617,
"EventTime": "2021-09-09T01:04:27.419341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:04:27.551732-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371848,
"ParentPID": 6684890,
"Thread": 31654129,
"EventTime": "2021-09-09T01:05:00.323613-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:05:00.586834-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371848,
"ParentPID": 6684890,
"Thread": 31654129,
"EventTime": "2021-09-09T01:05:00.323613-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:05:00.587641-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 00:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371848,
"ParentPID": 6684890,
"Thread": 31654129,
"EventTime": "2021-09-09T01:05:00.328341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:05:00.588419-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371848,
"ParentPID": 6684890,
"Thread": 31654129,
"EventTime": "2021-09-09T01:05:00.328341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:05:00.589157-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371850,
"ParentPID": 6684890,
"Thread": 41156859,
"EventTime": "2021-09-09T01:10:00.327342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:10:00.477695-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371850,
"ParentPID": 6684890,
"Thread": 41156859,
"EventTime": "2021-09-09T01:10:00.327342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:10:00.478512-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 00:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371850,
"ParentPID": 6684890,
"Thread": 41156859,
"EventTime": "2021-09-09T01:10:00.336453-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:10:00.479256-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371850,
"ParentPID": 6684890,
"Thread": 41156859,
"EventTime": "2021-09-09T01:10:00.337340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:10:00.479983-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371852,
"ParentPID": 6684890,
"Thread": 50200619,
"EventTime": "2021-09-09T01:15:00.344480-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:15:00.445458-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371852,
"ParentPID": 6684890,
"Thread": 50200619,
"EventTime": "2021-09-09T01:15:00.344480-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:15:00.446220-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 00:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371852,
"ParentPID": 6684890,
"Thread": 50200619,
"EventTime": "2021-09-09T01:15:00.344480-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:15:00.446964-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371852,
"ParentPID": 6684890,
"Thread": 50200619,
"EventTime": "2021-09-09T01:15:00.347340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:15:00.447786-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192178VI6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192178,
"ParentPID": 9961566,
"Thread": 46465105,
"EventTime": "2021-09-09T01:19:27.543011-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:19:27.593892-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9961574,
"ParentPID": 9371854,
"Thread": 30736405,
"EventTime": "2021-09-09T01:19:27.563019-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:19:27.594656-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485764W3Eaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485764,
"ParentPID": 10223758,
"Thread": 23658685,
"EventTime": "2021-09-09T01:19:27.663060-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:19:27.898710-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371856,
"ParentPID": 6684890,
"Thread": 43188461,
"EventTime": "2021-09-09T01:20:00.352936-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:20:00.393853-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371856,
"ParentPID": 6684890,
"Thread": 43188461,
"EventTime": "2021-09-09T01:20:00.352936-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:20:00.394681-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 00:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371856,
"ParentPID": 6684890,
"Thread": 43188461,
"EventTime": "2021-09-09T01:20:00.357340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:20:00.395445-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371856,
"ParentPID": 6684890,
"Thread": 43188461,
"EventTime": "2021-09-09T01:20:00.357873-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:20:00.396182-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371858,
"ParentPID": 6684890,
"Thread": 29425821,
"EventTime": "2021-09-09T01:25:00.362007-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:25:00.438613-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371858,
"ParentPID": 6684890,
"Thread": 29425821,
"EventTime": "2021-09-09T01:25:00.362007-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:25:00.439132-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 00:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371858,
"ParentPID": 6684890,
"Thread": 29425821,
"EventTime": "2021-09-09T01:25:00.362007-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:25:00.439598-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371858,
"ParentPID": 6684890,
"Thread": 29425821,
"EventTime": "2021-09-09T01:25:00.362007-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:25:00.440052-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371860,
"ParentPID": 6684890,
"Thread": 49217785,
"EventTime": "2021-09-09T01:30:00.367341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:30:00.529486-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371860,
"ParentPID": 6684890,
"Thread": 49217785,
"EventTime": "2021-09-09T01:30:00.367341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:30:00.530307-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 00:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371860,
"ParentPID": 6684890,
"Thread": 49217785,
"EventTime": "2021-09-09T01:30:00.367341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:30:00.531062-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371860,
"ParentPID": 6684890,
"Thread": 49217785,
"EventTime": "2021-09-09T01:30:00.371512-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:30:00.531796-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-09T01:33:06.260975-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:33:06.555397-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636224Quv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636224,
"ParentPID": 10485776,
"Thread": 32833561,
"EventTime": "2021-09-09T01:34:27.778340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:34:27.965998-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485784,
"ParentPID": 9371866,
"Thread": 36307197,
"EventTime": "2021-09-09T01:34:27.794902-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:34:27.966819-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636248Rev7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636248,
"ParentPID": 10485786,
"Thread": 32833585,
"EventTime": "2021-09-09T01:34:27.888341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:34:27.967564-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485788,
"ParentPID": 6684890,
"Thread": 36503565,
"EventTime": "2021-09-09T01:35:00.373865-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:35:00.434853-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485788,
"ParentPID": 6684890,
"Thread": 36503565,
"EventTime": "2021-09-09T01:35:00.373865-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:35:00.435680-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 00:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485788,
"ParentPID": 6684890,
"Thread": 36503565,
"EventTime": "2021-09-09T01:35:00.373865-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:35:00.436432-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485788,
"ParentPID": 6684890,
"Thread": 36503565,
"EventTime": "2021-09-09T01:35:00.373865-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:35:00.437171-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485790,
"ParentPID": 5439688,
"Thread": 38404301,
"EventTime": "2021-09-09T01:38:50.543128-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:50.631787-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192184.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192184,
"ParentPID": 10485790,
"Thread": 33095757,
"EventTime": "2021-09-09T01:38:50.666073-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:50.934729-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192184",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961592,
"ParentPID": 8192184,
"Thread": 47579343,
"EventTime": "2021-09-09T01:38:50.706086-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:50.935540-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961592,
"ParentPID": 8192184,
"Thread": 47579343,
"EventTime": "2021-09-09T01:38:50.706086-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:50.936272-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961596aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961596,
"ParentPID": 8192184,
"Thread": 47579347,
"EventTime": "2021-09-09T01:38:50.716091-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:50.936994-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961596aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961596,
"ParentPID": 8192184,
"Thread": 47579347,
"EventTime": "2021-09-09T01:38:50.716091-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:50.937710-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961596aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961596,
"ParentPID": 8192184,
"Thread": 47579347,
"EventTime": "2021-09-09T01:38:50.726094-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:50.938415-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192184/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961598,
"ParentPID": 8192184,
"Thread": 47579349,
"EventTime": "2021-09-09T01:38:50.736097-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:50.939120-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192184",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961600,
"ParentPID": 8192184,
"Thread": 47579351,
"EventTime": "2021-09-09T01:38:50.736097-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:50.939854-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192186,
"ParentPID": 10485790,
"Thread": 33095759,
"EventTime": "2021-09-09T01:38:50.736097-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:50.940615-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192186,
"ParentPID": 10485790,
"Thread": 33095759,
"EventTime": "2021-09-09T01:38:50.736097-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:50.941320-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485792,
"ParentPID": 5439688,
"Thread": 38404303,
"EventTime": "2021-09-09T01:38:51.889275-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:52.150238-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192188.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192188,
"ParentPID": 10485792,
"Thread": 33095761,
"EventTime": "2021-09-09T01:38:52.029639-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:52.151055-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192188",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961616,
"ParentPID": 8192188,
"Thread": 47579367,
"EventTime": "2021-09-09T01:38:52.059648-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:52.151806-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961616,
"ParentPID": 8192188,
"Thread": 47579367,
"EventTime": "2021-09-09T01:38:52.069672-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:52.152568-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961620aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961620,
"ParentPID": 8192188,
"Thread": 47579371,
"EventTime": "2021-09-09T01:38:52.069672-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:52.153296-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961620aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961620,
"ParentPID": 8192188,
"Thread": 47579371,
"EventTime": "2021-09-09T01:38:52.079675-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:52.154006-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961620aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961620,
"ParentPID": 8192188,
"Thread": 47579371,
"EventTime": "2021-09-09T01:38:52.079675-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:52.154712-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192188/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961626,
"ParentPID": 8192188,
"Thread": 47579377,
"EventTime": "2021-09-09T01:38:52.103179-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:52.155443-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10223790",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11468880,
"ParentPID": 10223790,
"Thread": 44433619,
"EventTime": "2021-09-09T01:38:52.103179-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:52.155973-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192188",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961628,
"ParentPID": 8192188,
"Thread": 47579379,
"EventTime": "2021-09-09T01:38:52.103179-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:52.156675-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192190,
"ParentPID": 10485792,
"Thread": 33095763,
"EventTime": "2021-09-09T01:38:52.109682-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:52.157375-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192190,
"ParentPID": 10485792,
"Thread": 33095763,
"EventTime": "2021-09-09T01:38:52.109682-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:38:52.158075-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485794,
"ParentPID": 6684890,
"Thread": 38404311,
"EventTime": "2021-09-09T01:40:00.386340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:40:00.652991-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485794,
"ParentPID": 6684890,
"Thread": 38404311,
"EventTime": "2021-09-09T01:40:00.386340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:40:00.653848-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 00:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485794,
"ParentPID": 6684890,
"Thread": 38404311,
"EventTime": "2021-09-09T01:40:00.386340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:40:00.654616-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485794,
"ParentPID": 6684890,
"Thread": 38404311,
"EventTime": "2021-09-09T01:40:00.386340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:40:00.655355-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485796,
"ParentPID": 6684890,
"Thread": 48627783,
"EventTime": "2021-09-09T01:45:00.397326-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:45:00.588700-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485796,
"ParentPID": 6684890,
"Thread": 48627783,
"EventTime": "2021-09-09T01:45:00.397326-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:45:00.589538-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 00:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485796,
"ParentPID": 6684890,
"Thread": 48627783,
"EventTime": "2021-09-09T01:45:00.397326-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:45:00.590309-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485796,
"ParentPID": 6684890,
"Thread": 48627783,
"EventTime": "2021-09-09T01:45:00.397326-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:45:00.591059-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485798,
"ParentPID": 5439688,
"Thread": 44433629,
"EventTime": "2021-09-09T01:47:52.941758-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:47:53.051249-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223812LeDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223812,
"ParentPID": 8192200,
"Thread": 32833613,
"EventTime": "2021-09-09T01:49:28.017341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:49:28.038436-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192208,
"ParentPID": 10485800,
"Thread": 44957743,
"EventTime": "2021-09-09T01:49:28.030981-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:49:28.039211-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223836LMDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223836,
"ParentPID": 8192210,
"Thread": 32833637,
"EventTime": "2021-09-09T01:49:28.131013-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:49:28.342454-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192212,
"ParentPID": 6684890,
"Thread": 32964653,
"EventTime": "2021-09-09T01:50:00.406340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:50:00.502346-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192212,
"ParentPID": 6684890,
"Thread": 32964653,
"EventTime": "2021-09-09T01:50:00.406340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:50:00.503174-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 00:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192212,
"ParentPID": 6684890,
"Thread": 32964653,
"EventTime": "2021-09-09T01:50:00.409020-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:50:00.503941-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192212,
"ParentPID": 6684890,
"Thread": 32964653,
"EventTime": "2021-09-09T01:50:00.409020-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:50:00.504684-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192214,
"ParentPID": 6684890,
"Thread": 44433647,
"EventTime": "2021-09-09T01:55:00.416340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:55:00.677075-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192214,
"ParentPID": 6684890,
"Thread": 44433647,
"EventTime": "2021-09-09T01:55:00.416340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:55:00.677915-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 00:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192214,
"ParentPID": 6684890,
"Thread": 44433647,
"EventTime": "2021-09-09T01:55:00.416340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:55:00.678688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192214,
"ParentPID": 6684890,
"Thread": 44433647,
"EventTime": "2021-09-09T01:55:00.416340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T01:55:00.679446-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192216,
"ParentPID": 6684890,
"Thread": 44237035,
"EventTime": "2021-09-09T02:00:00.425534-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:00:00.538171-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192216,
"ParentPID": 6684890,
"Thread": 44237035,
"EventTime": "2021-09-09T02:00:00.425534-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:00:00.539010-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 01:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192216,
"ParentPID": 6684890,
"Thread": 44237035,
"EventTime": "2021-09-09T02:00:00.425534-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:00:00.539789-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192216,
"ParentPID": 6684890,
"Thread": 44237035,
"EventTime": "2021-09-09T02:00:00.425534-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:00:00.540553-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636272Fav7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636272,
"ParentPID": 8192228,
"Thread": 43974861,
"EventTime": "2021-09-09T02:04:28.216789-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:04:28.483609-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192236,
"ParentPID": 10223842,
"Thread": 34996411,
"EventTime": "2021-09-09T02:04:28.226791-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:04:28.484132-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636296FYv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636296,
"ParentPID": 8192238,
"Thread": 43974885,
"EventTime": "2021-09-09T02:04:28.287340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:04:28.484596-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223844,
"ParentPID": 6684890,
"Thread": 32833653,
"EventTime": "2021-09-09T02:05:00.429155-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:05:00.636968-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223844,
"ParentPID": 6684890,
"Thread": 32833653,
"EventTime": "2021-09-09T02:05:00.429155-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:05:00.637501-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 01:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223844,
"ParentPID": 6684890,
"Thread": 32833653,
"EventTime": "2021-09-09T02:05:00.429155-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:05:00.637989-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223844,
"ParentPID": 6684890,
"Thread": 32833653,
"EventTime": "2021-09-09T02:05:00.435942-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:05:00.638462-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223846,
"ParentPID": 5439688,
"Thread": 35651671,
"EventTime": "2021-09-09T02:07:28.541339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:07:28.668617-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223848,
"ParentPID": 5439688,
"Thread": 35651673,
"EventTime": "2021-09-09T02:07:29.601339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:07:29.880489-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223850,
"ParentPID": 5439688,
"Thread": 35651675,
"EventTime": "2021-09-09T02:07:29.861339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:07:29.881007-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223852,
"ParentPID": 5439688,
"Thread": 35651677,
"EventTime": "2021-09-09T02:07:29.991339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:07:30.181863-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223854,
"ParentPID": 5439688,
"Thread": 35651679,
"EventTime": "2021-09-09T02:07:30.250339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:07:30.486117-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223856,
"ParentPID": 5439688,
"Thread": 35651681,
"EventTime": "2021-09-09T02:07:30.510339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:07:30.790902-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223858,
"ParentPID": 5439688,
"Thread": 35651683,
"EventTime": "2021-09-09T02:07:30.770416-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:07:30.791416-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223860,
"ParentPID": 5439688,
"Thread": 35651685,
"EventTime": "2021-09-09T02:07:31.020866-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:07:31.100869-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223862,
"ParentPID": 5439688,
"Thread": 35651687,
"EventTime": "2021-09-09T02:07:31.280339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:07:31.402015-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223864,
"ParentPID": 5439688,
"Thread": 35651689,
"EventTime": "2021-09-09T02:07:31.531611-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:07:31.702829-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223866,
"ParentPID": 6684890,
"Thread": 45744145,
"EventTime": "2021-09-09T02:10:00.435340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:10:00.701787-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223866,
"ParentPID": 6684890,
"Thread": 45744145,
"EventTime": "2021-09-09T02:10:00.435340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:10:00.702309-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 01:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223866,
"ParentPID": 6684890,
"Thread": 45744145,
"EventTime": "2021-09-09T02:10:00.435340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:10:00.702782-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223866,
"ParentPID": 6684890,
"Thread": 45744145,
"EventTime": "2021-09-09T02:10:00.435340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:10:00.703239-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223868,
"ParentPID": 6684890,
"Thread": 35651707,
"EventTime": "2021-09-09T02:15:00.437802-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:15:00.452707-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223868,
"ParentPID": 6684890,
"Thread": 35651707,
"EventTime": "2021-09-09T02:15:00.437802-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:15:00.453188-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 01:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223868,
"ParentPID": 6684890,
"Thread": 35651707,
"EventTime": "2021-09-09T02:15:00.437802-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:15:00.453655-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223868,
"ParentPID": 6684890,
"Thread": 35651707,
"EventTime": "2021-09-09T02:15:00.442147-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:15:00.454112-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00056363180Qv7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636318,
"ParentPID": 8192248,
"Thread": 36307007,
"EventTime": "2021-09-09T02:19:28.401764-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:19:28.503805-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192000,
"ParentPID": 10223870,
"Thread": 34996437,
"EventTime": "2021-09-09T02:19:28.416619-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:19:28.504625-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0005636342A7v7aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 5636342,
"ParentPID": 8192002,
"Thread": 36307031,
"EventTime": "2021-09-09T02:19:28.511806-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:19:28.807162-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223616,
"ParentPID": 6684890,
"Thread": 45744165,
"EventTime": "2021-09-09T02:20:00.445341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:20:00.661174-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223616,
"ParentPID": 6684890,
"Thread": 45744165,
"EventTime": "2021-09-09T02:20:00.445341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:20:00.661946-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 01:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223616,
"ParentPID": 6684890,
"Thread": 45744165,
"EventTime": "2021-09-09T02:20:00.445341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:20:00.662709-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223616,
"ParentPID": 6684890,
"Thread": 45744165,
"EventTime": "2021-09-09T02:20:00.449668-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:20:00.663445-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09044212",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11468896,
"ParentPID": 9044212,
"Thread": 44237055,
"EventTime": "2021-09-09T02:20:00.465340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:20:00.663997-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223618,
"ParentPID": 6684890,
"Thread": 43384961,
"EventTime": "2021-09-09T02:25:00.465340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:25:00.579174-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223618,
"ParentPID": 6684890,
"Thread": 43384961,
"EventTime": "2021-09-09T02:25:00.465340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:25:00.579955-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 01:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223618,
"ParentPID": 6684890,
"Thread": 43384961,
"EventTime": "2021-09-09T02:25:00.465340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:25:00.580713-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223618,
"ParentPID": 6684890,
"Thread": 43384961,
"EventTime": "2021-09-09T02:25:00.471791-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:25:00.581448-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223620,
"ParentPID": 6684890,
"Thread": 30081041,
"EventTime": "2021-09-09T02:30:00.477704-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:30:00.761534-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223620,
"ParentPID": 6684890,
"Thread": 30081041,
"EventTime": "2021-09-09T02:30:00.477704-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:30:00.762314-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 01:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223620,
"ParentPID": 6684890,
"Thread": 30081041,
"EventTime": "2021-09-09T02:30:00.477704-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:30:00.763075-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223620,
"ParentPID": 6684890,
"Thread": 30081041,
"EventTime": "2021-09-09T02:30:00.477704-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:30:00.763814-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-09T02:33:06.138340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:33:06.168613-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC001146891857HMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468918,
"ParentPID": 10223634,
"Thread": 36831363,
"EventTime": "2021-09-09T02:34:28.639683-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:34:28.816401-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10223642,
"ParentPID": 9044216,
"Thread": 32964691,
"EventTime": "2021-09-09T02:34:28.656341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:34:28.817184-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00114689426mHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468942,
"ParentPID": 10223644,
"Thread": 36831387,
"EventTime": "2021-09-09T02:34:28.749011-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:34:28.817977-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044218,
"ParentPID": 6684890,
"Thread": 28704799,
"EventTime": "2021-09-09T02:35:00.485412-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:35:00.660894-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044218,
"ParentPID": 6684890,
"Thread": 28704799,
"EventTime": "2021-09-09T02:35:00.485412-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:35:00.661667-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 01:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044218,
"ParentPID": 6684890,
"Thread": 28704799,
"EventTime": "2021-09-09T02:35:00.485412-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:35:00.662426-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044218,
"ParentPID": 6684890,
"Thread": 28704799,
"EventTime": "2021-09-09T02:35:00.485412-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:35:00.663164-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044220,
"ParentPID": 6684890,
"Thread": 39583981,
"EventTime": "2021-09-09T02:40:00.497300-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:40:00.558272-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044220,
"ParentPID": 6684890,
"Thread": 39583981,
"EventTime": "2021-09-09T02:40:00.497300-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:40:00.559098-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 01:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044220,
"ParentPID": 6684890,
"Thread": 39583981,
"EventTime": "2021-09-09T02:40:00.497300-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:40:00.559855-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044220,
"ParentPID": 6684890,
"Thread": 39583981,
"EventTime": "2021-09-09T02:40:00.500734-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:40:00.560589-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044222,
"ParentPID": 6684890,
"Thread": 47382585,
"EventTime": "2021-09-09T02:45:00.505536-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:45:00.688939-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9044222,
"ParentPID": 6684890,
"Thread": 47382585,
"EventTime": "2021-09-09T02:45:00.505536-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:45:00.689721-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 01:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9044222,
"ParentPID": 6684890,
"Thread": 47382585,
"EventTime": "2021-09-09T02:45:00.505536-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:45:00.690472-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9044222,
"ParentPID": 6684890,
"Thread": 47382585,
"EventTime": "2021-09-09T02:45:00.505536-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:45:00.691208-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0004718824zmsaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 4718824,
"ParentPID": 10748058,
"Thread": 34471973,
"EventTime": "2021-09-09T02:49:28.875340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:49:29.023973-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10748066,
"ParentPID": 9043968,
"Thread": 41418819,
"EventTime": "2021-09-09T02:49:28.895340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:49:29.024746-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0004718592zUsaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 4718592,
"ParentPID": 10748068,
"Thread": 34471997,
"EventTime": "2021-09-09T02:49:28.995373-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:49:29.025515-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043970,
"ParentPID": 6684890,
"Thread": 49348775,
"EventTime": "2021-09-09T02:50:00.519547-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:50:00.571181-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043970,
"ParentPID": 6684890,
"Thread": 49348775,
"EventTime": "2021-09-09T02:50:00.519547-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:50:00.572003-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 01:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9043970,
"ParentPID": 6684890,
"Thread": 49348775,
"EventTime": "2021-09-09T02:50:00.520318-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:50:00.572764-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9043970,
"ParentPID": 6684890,
"Thread": 49348775,
"EventTime": "2021-09-09T02:50:00.520318-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:50:00.573498-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043972,
"ParentPID": 6684890,
"Thread": 32309335,
"EventTime": "2021-09-09T02:55:00.524340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:55:00.545865-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043972,
"ParentPID": 6684890,
"Thread": 32309335,
"EventTime": "2021-09-09T02:55:00.524340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:55:00.546688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 01:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9043972,
"ParentPID": 6684890,
"Thread": 32309335,
"EventTime": "2021-09-09T02:55:00.524340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:55:00.547443-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9043972,
"ParentPID": 6684890,
"Thread": 32309335,
"EventTime": "2021-09-09T02:55:00.524340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T02:55:00.548179-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043974,
"ParentPID": 6684890,
"Thread": 38076597,
"EventTime": "2021-09-09T03:00:00.536698-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:00:00.777017-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043974,
"ParentPID": 6684890,
"Thread": 38076597,
"EventTime": "2021-09-09T03:00:00.536698-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:00:00.777847-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 02:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9043974,
"ParentPID": 6684890,
"Thread": 38076597,
"EventTime": "2021-09-09T03:00:00.536698-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:00:00.778597-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9043974,
"ParentPID": 6684890,
"Thread": 38076597,
"EventTime": "2021-09-09T03:00:00.536698-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:00:00.779332-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0004718614tUsaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 4718614,
"ParentPID": 10748084,
"Thread": 46072009,
"EventTime": "2021-09-09T03:04:29.115341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:04:29.396205-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10748092,
"ParentPID": 9043980,
"Thread": 37421189,
"EventTime": "2021-09-09T03:04:29.135341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:04:29.397029-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0004718638uAsaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 4718638,
"ParentPID": 10748094,
"Thread": 46072033,
"EventTime": "2021-09-09T03:04:29.229748-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:04:29.397769-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043982,
"ParentPID": 6684890,
"Thread": 43778301,
"EventTime": "2021-09-09T03:05:00.544341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:05:00.658626-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043982,
"ParentPID": 6684890,
"Thread": 43778301,
"EventTime": "2021-09-09T03:05:00.544341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:05:00.659446-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 02:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9043982,
"ParentPID": 6684890,
"Thread": 43778301,
"EventTime": "2021-09-09T03:05:00.549191-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:05:00.660209-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9043982,
"ParentPID": 6684890,
"Thread": 43778301,
"EventTime": "2021-09-09T03:05:00.549191-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:05:00.660935-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043984,
"ParentPID": 6684890,
"Thread": 34799833,
"EventTime": "2021-09-09T03:10:00.550858-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:10:00.601823-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043984,
"ParentPID": 6684890,
"Thread": 34799833,
"EventTime": "2021-09-09T03:10:00.550858-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:10:00.602644-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 02:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9043984,
"ParentPID": 6684890,
"Thread": 34799833,
"EventTime": "2021-09-09T03:10:00.550858-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:10:00.603401-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9043984,
"ParentPID": 6684890,
"Thread": 34799833,
"EventTime": "2021-09-09T03:10:00.550858-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:10:00.604145-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043986,
"ParentPID": 6684890,
"Thread": 47382623,
"EventTime": "2021-09-09T03:15:00.565939-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:15:00.807388-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043986,
"ParentPID": 6684890,
"Thread": 47382623,
"EventTime": "2021-09-09T03:15:00.565939-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:15:00.808209-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 02:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9043986,
"ParentPID": 6684890,
"Thread": 47382623,
"EventTime": "2021-09-09T03:15:00.565939-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:15:00.808961-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9043986,
"ParentPID": 6684890,
"Thread": 47382623,
"EventTime": "2021-09-09T03:15:00.565939-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:15:00.809695-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.04718640",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11468966,
"ParentPID": 4718640,
"Thread": 32964709,
"EventTime": "2021-09-09T03:15:00.585946-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:15:00.810243-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468988oAHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468988,
"ParentPID": 4718650,
"Thread": 36831427,
"EventTime": "2021-09-09T03:19:29.354341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:19:29.513852-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 4718658,
"ParentPID": 9043988,
"Thread": 37093423,
"EventTime": "2021-09-09T03:19:29.372866-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:19:29.514700-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011469012pqHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11469012,
"ParentPID": 4718660,
"Thread": 36831451,
"EventTime": "2021-09-09T03:19:29.469212-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:19:29.515496-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043990,
"ParentPID": 6684890,
"Thread": 30277705,
"EventTime": "2021-09-09T03:20:00.587182-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:20:00.758950-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043990,
"ParentPID": 6684890,
"Thread": 30277705,
"EventTime": "2021-09-09T03:20:00.587182-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:20:00.759722-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 02:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9043990,
"ParentPID": 6684890,
"Thread": 30277705,
"EventTime": "2021-09-09T03:20:00.587182-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:20:00.760479-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9043990,
"ParentPID": 6684890,
"Thread": 30277705,
"EventTime": "2021-09-09T03:20:00.593340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:20:00.761220-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043992,
"ParentPID": 6684890,
"Thread": 31457485,
"EventTime": "2021-09-09T03:25:00.598623-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:25:00.642607-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043992,
"ParentPID": 6684890,
"Thread": 31457485,
"EventTime": "2021-09-09T03:25:00.598623-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:25:00.643428-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 02:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9043992,
"ParentPID": 6684890,
"Thread": 31457485,
"EventTime": "2021-09-09T03:25:00.598623-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:25:00.644198-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9043992,
"ParentPID": 6684890,
"Thread": 31457485,
"EventTime": "2021-09-09T03:25:00.603340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:25:00.644985-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043994,
"ParentPID": 6684890,
"Thread": 38863037,
"EventTime": "2021-09-09T03:30:00.610301-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:30:00.871055-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9043994,
"ParentPID": 6684890,
"Thread": 38863037,
"EventTime": "2021-09-09T03:30:00.610301-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:30:00.871837-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 02:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9043994,
"ParentPID": 6684890,
"Thread": 38863037,
"EventTime": "2021-09-09T03:30:00.613340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:30:00.872600-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9043994,
"ParentPID": 6684890,
"Thread": 38863037,
"EventTime": "2021-09-09T03:30:00.613340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:30:00.873372-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-09T03:33:06.016340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:33:06.260551-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223696jmDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223696,
"ParentPID": 11469022,
"Thread": 34799867,
"EventTime": "2021-09-09T03:34:29.594375-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:34:29.837915-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11469030,
"ParentPID": 9044002,
"Thread": 40698075,
"EventTime": "2021-09-09T03:34:29.606689-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:34:29.838732-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223720jYDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223720,
"ParentPID": 11469032,
"Thread": 34799635,
"EventTime": "2021-09-09T03:34:29.706721-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:34:29.839470-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223722,
"ParentPID": 6684890,
"Thread": 40108209,
"EventTime": "2021-09-09T03:35:00.621076-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:35:00.775287-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223722,
"ParentPID": 6684890,
"Thread": 40108209,
"EventTime": "2021-09-09T03:35:00.621076-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:35:00.776105-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 02:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223722,
"ParentPID": 6684890,
"Thread": 40108209,
"EventTime": "2021-09-09T03:35:00.621076-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:35:00.776865-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223722,
"ParentPID": 6684890,
"Thread": 40108209,
"EventTime": "2021-09-09T03:35:00.623340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:35:00.777600-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223724,
"ParentPID": 6684890,
"Thread": 43778065,
"EventTime": "2021-09-09T03:40:00.628181-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:40:00.669096-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223724,
"ParentPID": 6684890,
"Thread": 43778065,
"EventTime": "2021-09-09T03:40:00.628181-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:40:00.669918-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 02:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223724,
"ParentPID": 6684890,
"Thread": 43778065,
"EventTime": "2021-09-09T03:40:00.632341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:40:00.670667-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223724,
"ParentPID": 6684890,
"Thread": 43778065,
"EventTime": "2021-09-09T03:40:00.632341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:40:00.671404-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223726,
"ParentPID": 6684890,
"Thread": 50725031,
"EventTime": "2021-09-09T03:45:00.637681-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:45:00.889231-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223726,
"ParentPID": 6684890,
"Thread": 50725031,
"EventTime": "2021-09-09T03:45:00.637681-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:45:00.890002-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 02:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223726,
"ParentPID": 6684890,
"Thread": 50725031,
"EventTime": "2021-09-09T03:45:00.637681-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:45:00.890761-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223726,
"ParentPID": 6684890,
"Thread": 50725031,
"EventTime": "2021-09-09T03:45:00.637681-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:45:00.891500-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011469054dUHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11469054,
"ParentPID": 9044012,
"Thread": 32768137,
"EventTime": "2021-09-09T03:49:29.833364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:49:29.906391-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9044020,
"ParentPID": 10223728,
"Thread": 43974687,
"EventTime": "2021-09-09T03:49:29.849222-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:49:29.907150-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468822eEHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468822,
"ParentPID": 9044022,
"Thread": 32768161,
"EventTime": "2021-09-09T03:49:29.943342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:49:30.208347-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223730,
"ParentPID": 6684890,
"Thread": 32047221,
"EventTime": "2021-09-09T03:50:00.647067-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:50:00.880065-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223730,
"ParentPID": 6684890,
"Thread": 32047221,
"EventTime": "2021-09-09T03:50:00.647067-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:50:00.880842-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 02:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223730,
"ParentPID": 6684890,
"Thread": 32047221,
"EventTime": "2021-09-09T03:50:00.652340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:50:00.881597-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223730,
"ParentPID": 6684890,
"Thread": 32047221,
"EventTime": "2021-09-09T03:50:00.652340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:50:00.882362-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223732,
"ParentPID": 6684890,
"Thread": 28704843,
"EventTime": "2021-09-09T03:55:00.653428-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:55:00.817762-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223732,
"ParentPID": 6684890,
"Thread": 28704843,
"EventTime": "2021-09-09T03:55:00.653428-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:55:00.818535-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 02:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223732,
"ParentPID": 6684890,
"Thread": 28704843,
"EventTime": "2021-09-09T03:55:00.662341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:55:00.819281-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223732,
"ParentPID": 6684890,
"Thread": 28704843,
"EventTime": "2021-09-09T03:55:00.663431-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T03:55:00.820013-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223734,
"ParentPID": 6684890,
"Thread": 32047241,
"EventTime": "2021-09-09T04:00:00.665077-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:00:00.966442-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223734,
"ParentPID": 6684890,
"Thread": 32047241,
"EventTime": "2021-09-09T04:00:00.665077-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:00:00.967222-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 03:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223734,
"ParentPID": 6684890,
"Thread": 32047241,
"EventTime": "2021-09-09T04:00:00.671678-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:00:00.967993-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223734,
"ParentPID": 6684890,
"Thread": 32047241,
"EventTime": "2021-09-09T04:00:00.671678-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:00:00.968738-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468844_AHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468844,
"ParentPID": 10223746,
"Thread": 36176025,
"EventTime": "2021-09-09T04:04:30.074069-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:04:30.174220-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10223754,
"ParentPID": 9044028,
"Thread": 30408805,
"EventTime": "2021-09-09T04:04:30.085853-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:04:30.175047-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468868-uHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468868,
"ParentPID": 10223756,
"Thread": 36176049,
"EventTime": "2021-09-09T04:04:30.184103-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:04:30.476733-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223758,
"ParentPID": 6684890,
"Thread": 32768177,
"EventTime": "2021-09-09T04:05:00.676711-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:05:00.848033-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223758,
"ParentPID": 6684890,
"Thread": 32768177,
"EventTime": "2021-09-09T04:05:00.676711-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:05:00.848801-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 03:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223758,
"ParentPID": 6684890,
"Thread": 32768177,
"EventTime": "2021-09-09T04:05:00.676711-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:05:00.849545-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223758,
"ParentPID": 6684890,
"Thread": 32768177,
"EventTime": "2021-09-09T04:05:00.676711-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:05:00.850284-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.11468870",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8192012,
"ParentPID": 11468870,
"Thread": 48496667,
"EventTime": "2021-09-09T04:05:00.696716-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:05:00.850822-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223760,
"ParentPID": 5439688,
"Thread": 32768179,
"EventTime": "2021-09-09T04:05:49.281247-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:05:49.531729-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223762,
"ParentPID": 5439688,
"Thread": 32768181,
"EventTime": "2021-09-09T04:05:50.406973-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:05:50.438532-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223764,
"ParentPID": 5439688,
"Thread": 32768183,
"EventTime": "2021-09-09T04:05:50.673912-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:05:50.744922-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223766,
"ParentPID": 5439688,
"Thread": 32768185,
"EventTime": "2021-09-09T04:05:50.794225-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:05:51.055859-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223768,
"ParentPID": 5439688,
"Thread": 32768187,
"EventTime": "2021-09-09T04:05:51.073016-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:05:51.366729-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223770,
"ParentPID": 5439688,
"Thread": 32768189,
"EventTime": "2021-09-09T04:05:51.340678-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:05:51.367489-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223772,
"ParentPID": 5439688,
"Thread": 32768191,
"EventTime": "2021-09-09T04:05:51.610340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:05:51.671180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223774,
"ParentPID": 5439688,
"Thread": 32768193,
"EventTime": "2021-09-09T04:05:51.870340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:05:51.978279-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223776,
"ParentPID": 5439688,
"Thread": 32768195,
"EventTime": "2021-09-09T04:05:52.137890-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:05:52.281173-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223778,
"ParentPID": 5439688,
"Thread": 32768197,
"EventTime": "2021-09-09T04:05:52.400340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:05:52.590008-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223780,
"ParentPID": 6684890,
"Thread": 45219933,
"EventTime": "2021-09-09T04:10:00.701340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:10:00.884706-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223780,
"ParentPID": 6684890,
"Thread": 45219933,
"EventTime": "2021-09-09T04:10:00.701340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:10:00.885527-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 03:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223780,
"ParentPID": 6684890,
"Thread": 45219933,
"EventTime": "2021-09-09T04:10:00.701340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:10:00.886276-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223780,
"ParentPID": 6684890,
"Thread": 45219933,
"EventTime": "2021-09-09T04:10:00.701340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:10:00.887004-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223782,
"ParentPID": 6684890,
"Thread": 42663973,
"EventTime": "2021-09-09T04:15:00.712078-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:15:00.818196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223782,
"ParentPID": 6684890,
"Thread": 42663973,
"EventTime": "2021-09-09T04:15:00.712078-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:15:00.818972-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 03:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223782,
"ParentPID": 6684890,
"Thread": 42663973,
"EventTime": "2021-09-09T04:15:00.712078-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:15:00.819719-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223782,
"ParentPID": 6684890,
"Thread": 42663973,
"EventTime": "2021-09-09T04:15:00.714655-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:15:00.820443-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192034Vq6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192034,
"ParentPID": 11468880,
"Thread": 30736479,
"EventTime": "2021-09-09T04:19:30.305247-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:19:30.366763-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468888,
"ParentPID": 10223784,
"Thread": 45023289,
"EventTime": "2021-09-09T04:19:30.325254-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:19:30.367520-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008192058Wa6qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8192058,
"ParentPID": 11468890,
"Thread": 30736503,
"EventTime": "2021-09-09T04:19:30.425324-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:19:30.673168-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468892,
"ParentPID": 6684890,
"Thread": 31064137,
"EventTime": "2021-09-09T04:20:00.721340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:20:00.729951-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468892,
"ParentPID": 6684890,
"Thread": 31064137,
"EventTime": "2021-09-09T04:20:00.721340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:20:00.730718-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 03:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468892,
"ParentPID": 6684890,
"Thread": 31064137,
"EventTime": "2021-09-09T04:20:00.721340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:20:00.731548-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468892,
"ParentPID": 6684890,
"Thread": 31064137,
"EventTime": "2021-09-09T04:20:00.721340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:20:00.732289-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468894,
"ParentPID": 6684890,
"Thread": 34799687,
"EventTime": "2021-09-09T04:25:00.731340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:25:00.902917-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468894,
"ParentPID": 6684890,
"Thread": 34799687,
"EventTime": "2021-09-09T04:25:00.731340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:25:00.903445-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 03:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468894,
"ParentPID": 6684890,
"Thread": 34799687,
"EventTime": "2021-09-09T04:25:00.732741-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:25:00.903916-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468894,
"ParentPID": 6684890,
"Thread": 34799687,
"EventTime": "2021-09-09T04:25:00.732741-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:25:00.904373-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468896,
"ParentPID": 6684890,
"Thread": 43974707,
"EventTime": "2021-09-09T04:30:00.736270-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:30:01.034920-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468896,
"ParentPID": 6684890,
"Thread": 43974707,
"EventTime": "2021-09-09T04:30:00.736270-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:30:01.035707-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 03:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468896,
"ParentPID": 6684890,
"Thread": 43974707,
"EventTime": "2021-09-09T04:30:00.736270-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:30:01.036470-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468896,
"ParentPID": 6684890,
"Thread": 43974707,
"EventTime": "2021-09-09T04:30:00.736270-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:30:01.037220-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468898,
"ParentPID": 5439688,
"Thread": 32768225,
"EventTime": "2021-09-09T04:31:27.121025-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:27.292860-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192060.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192060,
"ParentPID": 11468898,
"Thread": 50004001,
"EventTime": "2021-09-09T04:31:27.251915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:27.293625-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192060",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10747932,
"ParentPID": 8192060,
"Thread": 45023319,
"EventTime": "2021-09-09T04:31:27.281343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:27.294367-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10747932,
"ParentPID": 8192060,
"Thread": 45023319,
"EventTime": "2021-09-09T04:31:27.291347-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:27.599178-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10747936aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10747936,
"ParentPID": 8192060,
"Thread": 45023323,
"EventTime": "2021-09-09T04:31:27.301958-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:27.600015-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10747936aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10747936,
"ParentPID": 8192060,
"Thread": 45023323,
"EventTime": "2021-09-09T04:31:27.301958-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:27.600763-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10747936aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10747936,
"ParentPID": 8192060,
"Thread": 45023323,
"EventTime": "2021-09-09T04:31:27.308341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:27.601490-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192060/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10747938,
"ParentPID": 8192060,
"Thread": 45023325,
"EventTime": "2021-09-09T04:31:27.311354-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:27.602215-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192060",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10747940,
"ParentPID": 8192060,
"Thread": 45023327,
"EventTime": "2021-09-09T04:31:27.318343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:27.602924-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192062,
"ParentPID": 11468898,
"Thread": 50004003,
"EventTime": "2021-09-09T04:31:27.321358-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:27.603632-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192062,
"ParentPID": 11468898,
"Thread": 50004003,
"EventTime": "2021-09-09T04:31:27.321358-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:27.604359-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468900,
"ParentPID": 5439688,
"Thread": 32768227,
"EventTime": "2021-09-09T04:31:27.808340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:27.909156-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192064.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192064,
"ParentPID": 11468900,
"Thread": 50004005,
"EventTime": "2021-09-09T04:31:27.938340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:28.214389-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192064",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10747956,
"ParentPID": 8192064,
"Thread": 45023343,
"EventTime": "2021-09-09T04:31:27.968844-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:28.215149-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10747956,
"ParentPID": 8192064,
"Thread": 45023343,
"EventTime": "2021-09-09T04:31:27.972961-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:28.215887-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10747960aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10747960,
"ParentPID": 8192064,
"Thread": 45023347,
"EventTime": "2021-09-09T04:31:27.982964-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:28.216605-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10747960aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10747960,
"ParentPID": 8192064,
"Thread": 45023347,
"EventTime": "2021-09-09T04:31:27.982964-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:28.217323-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10747960aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10747960,
"ParentPID": 8192064,
"Thread": 45023347,
"EventTime": "2021-09-09T04:31:27.988340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:28.218034-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192064/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10747966,
"ParentPID": 8192064,
"Thread": 45023353,
"EventTime": "2021-09-09T04:31:27.998340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:28.218782-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192064",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10747968,
"ParentPID": 8192064,
"Thread": 45023355,
"EventTime": "2021-09-09T04:31:28.002970-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:28.219571-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192066,
"ParentPID": 11468900,
"Thread": 50004007,
"EventTime": "2021-09-09T04:31:28.002970-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:28.220291-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192066,
"ParentPID": 11468900,
"Thread": 50004007,
"EventTime": "2021-09-09T04:31:28.002970-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:28.220999-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468902,
"ParentPID": 5439688,
"Thread": 32768229,
"EventTime": "2021-09-09T04:31:29.015513-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:29.126639-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192068.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192068,
"ParentPID": 11468902,
"Thread": 50004009,
"EventTime": "2021-09-09T04:31:29.148367-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:29.429192-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10485926",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10223792,
"ParentPID": 10485926,
"Thread": 43319469,
"EventTime": "2021-09-09T04:31:29.168340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:29.429811-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192068",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485934,
"ParentPID": 8192068,
"Thread": 45351083,
"EventTime": "2021-09-09T04:31:29.189863-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:29.430559-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485934,
"ParentPID": 8192068,
"Thread": 45351083,
"EventTime": "2021-09-09T04:31:29.198340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:29.431286-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485938aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485938,
"ParentPID": 8192068,
"Thread": 45351087,
"EventTime": "2021-09-09T04:31:29.208340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:29.432016-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485938aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485938,
"ParentPID": 8192068,
"Thread": 45351087,
"EventTime": "2021-09-09T04:31:29.208340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:29.432731-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485938aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485938,
"ParentPID": 8192068,
"Thread": 45351087,
"EventTime": "2021-09-09T04:31:29.208340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:29.433449-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192068/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485940,
"ParentPID": 8192068,
"Thread": 45351089,
"EventTime": "2021-09-09T04:31:29.218340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:29.434185-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192068",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485942,
"ParentPID": 8192068,
"Thread": 45351091,
"EventTime": "2021-09-09T04:31:29.225860-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:29.434904-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192070,
"ParentPID": 11468902,
"Thread": 50004011,
"EventTime": "2021-09-09T04:31:29.228340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:29.435619-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192070,
"ParentPID": 11468902,
"Thread": 50004011,
"EventTime": "2021-09-09T04:31:29.228340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:29.436324-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468904,
"ParentPID": 5439688,
"Thread": 32768231,
"EventTime": "2021-09-09T04:31:40.736144-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:40.859912-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468906,
"ParentPID": 5439688,
"Thread": 32768233,
"EventTime": "2021-09-09T04:31:42.119858-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:42.369178-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468908,
"ParentPID": 5439688,
"Thread": 32768235,
"EventTime": "2021-09-09T04:31:43.507340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:43.574627-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468910,
"ParentPID": 5439688,
"Thread": 32768237,
"EventTime": "2021-09-09T04:31:44.887470-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:45.082343-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192072.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192072,
"ParentPID": 11468910,
"Thread": 50004013,
"EventTime": "2021-09-09T04:31:45.020251-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:45.083111-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192072",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485958,
"ParentPID": 8192072,
"Thread": 45351107,
"EventTime": "2021-09-09T04:31:45.047806-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:45.083853-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485958,
"ParentPID": 8192072,
"Thread": 45351107,
"EventTime": "2021-09-09T04:31:45.057809-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:45.084581-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485962aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485962,
"ParentPID": 8192072,
"Thread": 45351111,
"EventTime": "2021-09-09T04:31:45.070264-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:45.085309-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485962aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485962,
"ParentPID": 8192072,
"Thread": 45351111,
"EventTime": "2021-09-09T04:31:45.070264-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:45.086027-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485962aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485962,
"ParentPID": 8192072,
"Thread": 45351111,
"EventTime": "2021-09-09T04:31:45.070264-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:45.086738-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192072/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485964,
"ParentPID": 8192072,
"Thread": 45351113,
"EventTime": "2021-09-09T04:31:45.087817-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:45.388164-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192072",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485966,
"ParentPID": 8192072,
"Thread": 45351115,
"EventTime": "2021-09-09T04:31:45.087817-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:45.388966-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192074,
"ParentPID": 11468910,
"Thread": 50004015,
"EventTime": "2021-09-09T04:31:45.087817-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:45.389705-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192074,
"ParentPID": 11468910,
"Thread": 50004015,
"EventTime": "2021-09-09T04:31:45.087817-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:45.390437-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468912,
"ParentPID": 5439688,
"Thread": 32768239,
"EventTime": "2021-09-09T04:31:46.357340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:46.598278-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192076.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192076,
"ParentPID": 11468912,
"Thread": 50004017,
"EventTime": "2021-09-09T04:31:46.487340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:46.599097-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192076",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 10485982,
"ParentPID": 8192076,
"Thread": 45351131,
"EventTime": "2021-09-09T04:31:46.517341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:46.599850-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 10485982,
"ParentPID": 8192076,
"Thread": 45351131,
"EventTime": "2021-09-09T04:31:46.521397-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:46.600583-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485986aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485986,
"ParentPID": 8192076,
"Thread": 45351135,
"EventTime": "2021-09-09T04:31:46.531400-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:46.601314-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485986aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485986,
"ParentPID": 8192076,
"Thread": 45351135,
"EventTime": "2021-09-09T04:31:46.531400-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:46.602042-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm10485986aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 10485986,
"ParentPID": 8192076,
"Thread": 45351135,
"EventTime": "2021-09-09T04:31:46.537341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:46.602752-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192076/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 10485988,
"ParentPID": 8192076,
"Thread": 45351137,
"EventTime": "2021-09-09T04:31:46.547340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:46.603483-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192076",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 10485990,
"ParentPID": 8192076,
"Thread": 45351139,
"EventTime": "2021-09-09T04:31:46.551409-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:46.604193-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192078,
"ParentPID": 11468912,
"Thread": 50004019,
"EventTime": "2021-09-09T04:31:46.551409-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:46.604903-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192078,
"ParentPID": 11468912,
"Thread": 50004019,
"EventTime": "2021-09-09T04:31:46.551409-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:46.605609-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 11468914,
"ParentPID": 5439688,
"Thread": 32768241,
"EventTime": "2021-09-09T04:31:47.817340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:31:48.116677-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-09T04:33:05.889845-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:33:05.922329-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010486012PYEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10486012,
"ParentPID": 8192088,
"Thread": 29884507,
"EventTime": "2021-09-09T04:34:30.541340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:34:30.650389-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192096,
"ParentPID": 11468918,
"Thread": 49348843,
"EventTime": "2021-09-09T04:34:30.561341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:34:30.651150-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010223866QIDaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10223866,
"ParentPID": 4718716,
"Thread": 46727379,
"EventTime": "2021-09-09T04:34:30.661341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:34:30.952197-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468920,
"ParentPID": 6684890,
"Thread": 32768251,
"EventTime": "2021-09-09T04:35:00.741096-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:35:00.979519-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11468920,
"ParentPID": 6684890,
"Thread": 32768251,
"EventTime": "2021-09-09T04:35:00.741096-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:35:00.980293-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 03:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11468920,
"ParentPID": 6684890,
"Thread": 32768251,
"EventTime": "2021-09-09T04:35:00.741096-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:35:00.981064-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11468920,
"ParentPID": 6684890,
"Thread": 32768251,
"EventTime": "2021-09-09T04:35:00.741096-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:35:00.981853-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223870,
"ParentPID": 6684890,
"Thread": 47054883,
"EventTime": "2021-09-09T04:40:00.755068-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:40:00.870463-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223870,
"ParentPID": 6684890,
"Thread": 47054883,
"EventTime": "2021-09-09T04:40:00.755068-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:40:00.871246-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 03:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223870,
"ParentPID": 6684890,
"Thread": 47054883,
"EventTime": "2021-09-09T04:40:00.755068-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:40:00.872042-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223870,
"ParentPID": 6684890,
"Thread": 47054883,
"EventTime": "2021-09-09T04:40:00.760341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:40:00.872770-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223616,
"ParentPID": 5439688,
"Thread": 47054891,
"EventTime": "2021-09-09T04:42:40.915340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:42:41.068239-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223618,
"ParentPID": 6684890,
"Thread": 38928627,
"EventTime": "2021-09-09T04:45:00.763803-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:45:00.794031-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223618,
"ParentPID": 6684890,
"Thread": 38928627,
"EventTime": "2021-09-09T04:45:00.768915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:45:00.794805-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 03:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223618,
"ParentPID": 6684890,
"Thread": 38928627,
"EventTime": "2021-09-09T04:45:00.768915-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:45:00.795562-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223618,
"ParentPID": 6684890,
"Thread": 38928627,
"EventTime": "2021-09-09T04:45:00.770340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:45:00.796295-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961530KICaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961530,
"ParentPID": 11468932,
"Thread": 31653913,
"EventTime": "2021-09-09T04:49:30.784535-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:49:30.925611-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 11468940,
"ParentPID": 10223620,
"Thread": 50725057,
"EventTime": "2021-09-09T04:49:30.804541-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:49:30.926428-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961554LyCaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961554,
"ParentPID": 11468942,
"Thread": 31653937,
"EventTime": "2021-09-09T04:49:30.895946-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:49:30.927164-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223622,
"ParentPID": 6684890,
"Thread": 34406419,
"EventTime": "2021-09-09T04:50:00.776441-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:50:00.997910-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223622,
"ParentPID": 6684890,
"Thread": 34406419,
"EventTime": "2021-09-09T04:50:00.776441-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:50:00.998686-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 03:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223622,
"ParentPID": 6684890,
"Thread": 34406419,
"EventTime": "2021-09-09T04:50:00.776441-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:50:00.999439-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223622,
"ParentPID": 6684890,
"Thread": 34406419,
"EventTime": "2021-09-09T04:50:00.780340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:50:01.000167-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09961556",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9044042,
"ParentPID": 9961556,
"Thread": 42926155,
"EventTime": "2021-09-09T04:50:00.796889-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:50:01.000807-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223624,
"ParentPID": 6684890,
"Thread": 45416679,
"EventTime": "2021-09-09T04:55:00.800340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:55:00.887356-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223624,
"ParentPID": 6684890,
"Thread": 45416679,
"EventTime": "2021-09-09T04:55:00.800340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:55:00.888180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 03:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223624,
"ParentPID": 6684890,
"Thread": 45416679,
"EventTime": "2021-09-09T04:55:00.800340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:55:00.888934-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223624,
"ParentPID": 6684890,
"Thread": 45416679,
"EventTime": "2021-09-09T04:55:00.800340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T04:55:00.889667-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223626,
"ParentPID": 6684890,
"Thread": 43581497,
"EventTime": "2021-09-09T05:00:00.810340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:00:00.827115-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223626,
"ParentPID": 6684890,
"Thread": 43581497,
"EventTime": "2021-09-09T05:00:00.810340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:00:00.827890-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 04:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223626,
"ParentPID": 6684890,
"Thread": 43581497,
"EventTime": "2021-09-09T05:00:00.810340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:00:00.828641-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223626,
"ParentPID": 6684890,
"Thread": 43581497,
"EventTime": "2021-09-09T05:00:00.810340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:00:00.829375-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044064Fy97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044064,
"ParentPID": 10223638,
"Thread": 42139859,
"EventTime": "2021-09-09T05:04:31.020449-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:04:31.291204-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10223646,
"ParentPID": 9961562,
"Thread": 32243719,
"EventTime": "2021-09-09T05:04:31.040340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:04:31.292016-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044088Ge97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044088,
"ParentPID": 10223648,
"Thread": 42139883,
"EventTime": "2021-09-09T05:04:31.135800-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:04:31.292751-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961564,
"ParentPID": 6684890,
"Thread": 28508363,
"EventTime": "2021-09-09T05:05:00.819340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:05:01.037596-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961564,
"ParentPID": 6684890,
"Thread": 28508363,
"EventTime": "2021-09-09T05:05:00.819340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:05:01.038362-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 04:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961564,
"ParentPID": 6684890,
"Thread": 28508363,
"EventTime": "2021-09-09T05:05:00.819340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:05:01.039111-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961564,
"ParentPID": 6684890,
"Thread": 28508363,
"EventTime": "2021-09-09T05:05:00.822272-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:05:01.039885-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961566,
"ParentPID": 6684890,
"Thread": 44826685,
"EventTime": "2021-09-09T05:10:00.829340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:10:00.913920-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961566,
"ParentPID": 6684890,
"Thread": 44826685,
"EventTime": "2021-09-09T05:10:00.829340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:10:00.914728-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 04:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961566,
"ParentPID": 6684890,
"Thread": 44826685,
"EventTime": "2021-09-09T05:10:00.829340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:10:00.915479-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961566,
"ParentPID": 6684890,
"Thread": 44826685,
"EventTime": "2021-09-09T05:10:00.829340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:10:00.916209-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961568,
"ParentPID": 6684890,
"Thread": 41418863,
"EventTime": "2021-09-09T05:15:00.839341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:15:01.075929-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961568,
"ParentPID": 6684890,
"Thread": 41418863,
"EventTime": "2021-09-09T05:15:00.839341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:15:01.076746-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 04:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961568,
"ParentPID": 6684890,
"Thread": 41418863,
"EventTime": "2021-09-09T05:15:00.840579-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:15:01.077505-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961568,
"ParentPID": 6684890,
"Thread": 41418863,
"EventTime": "2021-09-09T05:15:00.842126-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:15:01.078242-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468972AeHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468972,
"ParentPID": 10485774,
"Thread": 47513619,
"EventTime": "2021-09-09T05:19:31.261094-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:19:31.501303-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485782,
"ParentPID": 9961570,
"Thread": 44433463,
"EventTime": "2021-09-09T05:19:31.271098-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:19:31.502155-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008978528AM9qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8978528,
"ParentPID": 11010230,
"Thread": 32243767,
"EventTime": "2021-09-09T05:19:31.371126-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:19:31.502920-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010232,
"ParentPID": 6684890,
"Thread": 37224639,
"EventTime": "2021-09-09T05:20:00.849340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:20:00.957538-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010232,
"ParentPID": 6684890,
"Thread": 37224639,
"EventTime": "2021-09-09T05:20:00.849340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:20:00.958373-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 04:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010232,
"ParentPID": 6684890,
"Thread": 37224639,
"EventTime": "2021-09-09T05:20:00.849340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:20:00.959120-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010232,
"ParentPID": 6684890,
"Thread": 37224639,
"EventTime": "2021-09-09T05:20:00.851295-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:20:00.959906-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010234,
"ParentPID": 6684890,
"Thread": 40108251,
"EventTime": "2021-09-09T05:25:00.859340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:25:01.135051-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010234,
"ParentPID": 6684890,
"Thread": 40108251,
"EventTime": "2021-09-09T05:25:00.859340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:25:01.135884-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 04:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010234,
"ParentPID": 6684890,
"Thread": 40108251,
"EventTime": "2021-09-09T05:25:00.859340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:25:01.136653-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010234,
"ParentPID": 6684890,
"Thread": 40108251,
"EventTime": "2021-09-09T05:25:00.859340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:25:01.137391-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010236,
"ParentPID": 6684890,
"Thread": 29098029,
"EventTime": "2021-09-09T05:30:00.869342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:30:01.011097-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 11010236,
"ParentPID": 6684890,
"Thread": 29098029,
"EventTime": "2021-09-09T05:30:00.869342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:30:01.011873-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 04:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 11010236,
"ParentPID": 6684890,
"Thread": 29098029,
"EventTime": "2021-09-09T05:30:00.869342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:30:01.012633-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 11010236,
"ParentPID": 6684890,
"Thread": 29098029,
"EventTime": "2021-09-09T05:30:00.869342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:30:01.013371-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-09T05:33:05.772340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:33:05.897931-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00104858045IEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485804,
"ParentPID": 9371752,
"Thread": 28770347,
"EventTime": "2021-09-09T05:34:31.499364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:34:31.536761-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371760,
"ParentPID": 11010240,
"Thread": 48693377,
"EventTime": "2021-09-09T05:34:31.512100-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:34:31.537517-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC001048582863Eaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485828,
"ParentPID": 9371762,
"Thread": 28770371,
"EventTime": "2021-09-09T05:34:31.612146-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:34:31.840176-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371764,
"ParentPID": 6684890,
"Thread": 41615581,
"EventTime": "2021-09-09T05:35:00.878340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:35:00.982557-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371764,
"ParentPID": 6684890,
"Thread": 41615581,
"EventTime": "2021-09-09T05:35:00.878340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:35:00.983388-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 04:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371764,
"ParentPID": 6684890,
"Thread": 41615581,
"EventTime": "2021-09-09T05:35:00.878340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:35:00.984140-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371764,
"ParentPID": 6684890,
"Thread": 41615581,
"EventTime": "2021-09-09T05:35:00.878340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:35:00.984869-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192126,
"ParentPID": 6684890,
"Thread": 42663999,
"EventTime": "2021-09-09T05:40:00.881986-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:40:00.894078-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192126,
"ParentPID": 6684890,
"Thread": 42663999,
"EventTime": "2021-09-09T05:40:00.881986-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:40:00.894846-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 04:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192126,
"ParentPID": 6684890,
"Thread": 42663999,
"EventTime": "2021-09-09T05:40:00.881986-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:40:00.895599-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192126,
"ParentPID": 6684890,
"Thread": 42663999,
"EventTime": "2021-09-09T05:40:00.881986-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:40:00.896331-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192128,
"ParentPID": 5439688,
"Thread": 47251673,
"EventTime": "2021-09-09T05:41:13.340907-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:13.617267-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371772.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371772,
"ParentPID": 8192128,
"Thread": 39452887,
"EventTime": "2021-09-09T05:41:13.471241-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:13.618077-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371772",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961604,
"ParentPID": 9371772,
"Thread": 42139677,
"EventTime": "2021-09-09T05:41:13.501250-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:13.618816-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961604,
"ParentPID": 9371772,
"Thread": 42139677,
"EventTime": "2021-09-09T05:41:13.511253-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:13.619546-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961608aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961608,
"ParentPID": 9371772,
"Thread": 42139681,
"EventTime": "2021-09-09T05:41:13.516340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:13.620269-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961608aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961608,
"ParentPID": 9371772,
"Thread": 42139681,
"EventTime": "2021-09-09T05:41:13.516340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:13.620975-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961608aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961608,
"ParentPID": 9371772,
"Thread": 42139681,
"EventTime": "2021-09-09T05:41:13.521668-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:13.621693-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10485832",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11010252,
"ParentPID": 10485832,
"Thread": 28967031,
"EventTime": "2021-09-09T05:41:13.541263-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:13.622250-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371772/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961614,
"ParentPID": 9371772,
"Thread": 42139687,
"EventTime": "2021-09-09T05:41:13.546341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:13.622958-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371772",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961616,
"ParentPID": 9371772,
"Thread": 42139689,
"EventTime": "2021-09-09T05:41:13.546341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:13.623658-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371774,
"ParentPID": 8192128,
"Thread": 39452889,
"EventTime": "2021-09-09T05:41:13.551267-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:13.624355-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371774,
"ParentPID": 8192128,
"Thread": 39452889,
"EventTime": "2021-09-09T05:41:13.551267-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:13.625057-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192130,
"ParentPID": 5439688,
"Thread": 47251675,
"EventTime": "2021-09-09T05:41:14.596340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:14.827233-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371776.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371776,
"ParentPID": 8192130,
"Thread": 39452891,
"EventTime": "2021-09-09T05:41:14.726340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:14.828049-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371776",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961632,
"ParentPID": 9371776,
"Thread": 42139705,
"EventTime": "2021-09-09T05:41:14.756340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:14.828795-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961632,
"ParentPID": 9371776,
"Thread": 42139705,
"EventTime": "2021-09-09T05:41:14.766370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:14.829522-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961636aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961636,
"ParentPID": 9371776,
"Thread": 42139709,
"EventTime": "2021-09-09T05:41:14.776370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:14.830250-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961636aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961636,
"ParentPID": 9371776,
"Thread": 42139709,
"EventTime": "2021-09-09T05:41:14.776370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:14.830965-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961636aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961636,
"ParentPID": 9371776,
"Thread": 42139709,
"EventTime": "2021-09-09T05:41:14.776370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:14.831676-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371776/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961638,
"ParentPID": 9371776,
"Thread": 42139711,
"EventTime": "2021-09-09T05:41:14.786340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:14.832408-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371776",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961640,
"ParentPID": 9371776,
"Thread": 42139713,
"EventTime": "2021-09-09T05:41:14.794532-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:14.833118-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371778,
"ParentPID": 8192130,
"Thread": 39452893,
"EventTime": "2021-09-09T05:41:14.796341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:14.833824-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371778,
"ParentPID": 8192130,
"Thread": 39452893,
"EventTime": "2021-09-09T05:41:14.796341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:41:14.834531-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192132,
"ParentPID": 6684890,
"Thread": 47251685,
"EventTime": "2021-09-09T05:45:00.895623-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:45:01.086982-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192132,
"ParentPID": 6684890,
"Thread": 47251685,
"EventTime": "2021-09-09T05:45:00.895623-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:45:01.087808-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 04:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192132,
"ParentPID": 6684890,
"Thread": 47251685,
"EventTime": "2021-09-09T05:45:00.895623-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:45:01.088575-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192132,
"ParentPID": 6684890,
"Thread": 47251685,
"EventTime": "2021-09-09T05:45:00.895623-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:45:01.089317-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961662z3Caaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961662,
"ParentPID": 9371788,
"Thread": 50200711,
"EventTime": "2021-09-09T05:49:31.739341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:49:31.822506-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371796,
"ParentPID": 8192138,
"Thread": 30736549,
"EventTime": "2021-09-09T05:49:31.759340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:49:31.823277-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00099616861iCaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961686,
"ParentPID": 9371798,
"Thread": 50200735,
"EventTime": "2021-09-09T05:49:31.859341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:49:32.125184-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371800,
"ParentPID": 6684890,
"Thread": 41156699,
"EventTime": "2021-09-09T05:50:00.908340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:50:00.974772-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371800,
"ParentPID": 6684890,
"Thread": 41156699,
"EventTime": "2021-09-09T05:50:00.908340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:50:00.975556-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 04:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371800,
"ParentPID": 6684890,
"Thread": 41156699,
"EventTime": "2021-09-09T05:50:00.908340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:50:00.976316-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371800,
"ParentPID": 6684890,
"Thread": 41156699,
"EventTime": "2021-09-09T05:50:00.908340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:50:00.977050-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371802,
"ParentPID": 5439688,
"Thread": 41156701,
"EventTime": "2021-09-09T05:50:14.922595-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:50:15.114041-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 39125191,
"EventTime": "2021-09-09T05:55:00.919907-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:55:01.209726-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 39125191,
"EventTime": "2021-09-09T05:55:00.919907-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:55:01.210562-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 04:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 39125191,
"EventTime": "2021-09-09T05:55:00.919907-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:55:01.211325-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371804,
"ParentPID": 6684890,
"Thread": 39125191,
"EventTime": "2021-09-09T05:55:00.923549-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T05:55:01.212067-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371806,
"ParentPID": 6684890,
"Thread": 50659397,
"EventTime": "2021-09-09T06:00:00.930293-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:00:01.085521-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371806,
"ParentPID": 6684890,
"Thread": 50659397,
"EventTime": "2021-09-09T06:00:00.930293-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:00:01.086306-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 05:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371806,
"ParentPID": 6684890,
"Thread": 50659397,
"EventTime": "2021-09-09T06:00:00.930293-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:00:01.087067-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371806,
"ParentPID": 6684890,
"Thread": 50659397,
"EventTime": "2021-09-09T06:00:00.930293-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:00:01.087811-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485890uiEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485890,
"ParentPID": 9371818,
"Thread": 38862855,
"EventTime": "2021-09-09T06:04:31.978340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:04:32.197657-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371826,
"ParentPID": 9961692,
"Thread": 43974763,
"EventTime": "2021-09-09T06:04:31.998340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:04:32.198505-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485914uQEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485914,
"ParentPID": 9371828,
"Thread": 38862879,
"EventTime": "2021-09-09T06:04:32.098378-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:04:32.199303-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961694,
"ParentPID": 6684890,
"Thread": 31588389,
"EventTime": "2021-09-09T06:05:00.937340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:05:01.052804-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961694,
"ParentPID": 6684890,
"Thread": 31588389,
"EventTime": "2021-09-09T06:05:00.937340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:05:01.053634-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 05:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961694,
"ParentPID": 6684890,
"Thread": 31588389,
"EventTime": "2021-09-09T06:05:00.937340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:05:01.054389-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961694,
"ParentPID": 6684890,
"Thread": 31588389,
"EventTime": "2021-09-09T06:05:00.937340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:05:01.055121-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961696,
"ParentPID": 5439688,
"Thread": 36176083,
"EventTime": "2021-09-09T06:07:36.802340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:07:37.001244-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961698,
"ParentPID": 5439688,
"Thread": 36176085,
"EventTime": "2021-09-09T06:07:37.072340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:07:37.303187-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961700,
"ParentPID": 5439688,
"Thread": 36176087,
"EventTime": "2021-09-09T06:07:37.342340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:07:37.612723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961702,
"ParentPID": 5439688,
"Thread": 36176089,
"EventTime": "2021-09-09T06:07:37.484499-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:07:37.613554-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961704,
"ParentPID": 5439688,
"Thread": 36176091,
"EventTime": "2021-09-09T06:07:37.752340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:07:37.923180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961706,
"ParentPID": 5439688,
"Thread": 36176093,
"EventTime": "2021-09-09T06:07:38.023304-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:07:38.224334-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961708,
"ParentPID": 5439688,
"Thread": 36176095,
"EventTime": "2021-09-09T06:07:38.303643-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:07:38.526148-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961710,
"ParentPID": 5439688,
"Thread": 36176097,
"EventTime": "2021-09-09T06:07:38.564331-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:07:38.833215-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961712,
"ParentPID": 5439688,
"Thread": 36176099,
"EventTime": "2021-09-09T06:07:38.824975-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:07:38.834036-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961714,
"ParentPID": 5439688,
"Thread": 36176101,
"EventTime": "2021-09-09T06:07:39.085625-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:07:39.136557-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961716,
"ParentPID": 6684890,
"Thread": 48168983,
"EventTime": "2021-09-09T06:10:00.947340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:10:00.997458-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961716,
"ParentPID": 6684890,
"Thread": 48168983,
"EventTime": "2021-09-09T06:10:00.947340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:10:00.998230-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 05:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961716,
"ParentPID": 6684890,
"Thread": 48168983,
"EventTime": "2021-09-09T06:10:00.947340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:10:00.998981-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961716,
"ParentPID": 6684890,
"Thread": 48168983,
"EventTime": "2021-09-09T06:10:00.947340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:10:00.999719-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961718,
"ParentPID": 6684890,
"Thread": 36176119,
"EventTime": "2021-09-09T06:15:00.954945-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:15:01.177542-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961718,
"ParentPID": 6684890,
"Thread": 36176119,
"EventTime": "2021-09-09T06:15:00.954945-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:15:01.178369-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 05:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961718,
"ParentPID": 6684890,
"Thread": 36176119,
"EventTime": "2021-09-09T06:15:00.954945-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:15:01.179126-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961718,
"ParentPID": 6684890,
"Thread": 36176119,
"EventTime": "2021-09-09T06:15:00.954945-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:15:01.179858-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09371830",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 10485916,
"ParentPID": 9371830,
"Thread": 34406443,
"EventTime": "2021-09-09T06:15:00.976471-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:15:01.180409-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485938oQEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485938,
"ParentPID": 9371844,
"Thread": 46399493,
"EventTime": "2021-09-09T06:19:32.219547-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:19:32.498826-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371852,
"ParentPID": 9961724,
"Thread": 28967063,
"EventTime": "2021-09-09T06:19:32.239555-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:19:32.499663-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485962p7Eaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485962,
"ParentPID": 9371854,
"Thread": 46399517,
"EventTime": "2021-09-09T06:19:32.330965-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:19:32.500418-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371856,
"ParentPID": 6684890,
"Thread": 41418899,
"EventTime": "2021-09-09T06:20:00.977402-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:20:01.056874-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371856,
"ParentPID": 6684890,
"Thread": 41418899,
"EventTime": "2021-09-09T06:20:00.977402-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:20:01.057762-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 05:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371856,
"ParentPID": 6684890,
"Thread": 41418899,
"EventTime": "2021-09-09T06:20:00.977402-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:20:01.058580-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371856,
"ParentPID": 6684890,
"Thread": 41418899,
"EventTime": "2021-09-09T06:20:00.977402-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:20:01.059319-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371862,
"ParentPID": 6684890,
"Thread": 47382683,
"EventTime": "2021-09-09T06:25:00.989207-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:25:01.252729-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371862,
"ParentPID": 6684890,
"Thread": 47382683,
"EventTime": "2021-09-09T06:25:00.989207-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:25:01.253556-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 05:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371862,
"ParentPID": 6684890,
"Thread": 47382683,
"EventTime": "2021-09-09T06:25:00.989207-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:25:01.254314-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371862,
"ParentPID": 6684890,
"Thread": 47382683,
"EventTime": "2021-09-09T06:25:00.989207-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:25:01.255049-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371864,
"ParentPID": 6684890,
"Thread": 42467389,
"EventTime": "2021-09-09T06:30:01.001151-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:30:01.066226-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371864,
"ParentPID": 6684890,
"Thread": 42467389,
"EventTime": "2021-09-09T06:30:01.001151-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:30:01.067004-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 05:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371864,
"ParentPID": 6684890,
"Thread": 42467389,
"EventTime": "2021-09-09T06:30:01.001151-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:30:01.067804-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371864,
"ParentPID": 6684890,
"Thread": 42467389,
"EventTime": "2021-09-09T06:30:01.001151-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:30:01.068645-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-09T06:33:05.650339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:05.884079-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371868,
"ParentPID": 5439688,
"Thread": 35455053,
"EventTime": "2021-09-09T06:33:16.000340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:16.117660-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485968.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485968,
"ParentPID": 9371868,
"Thread": 42991753,
"EventTime": "2021-09-09T06:33:16.136758-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:16.421192-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485968",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11468800,
"ParentPID": 10485968,
"Thread": 40632563,
"EventTime": "2021-09-09T06:33:16.167924-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:16.421994-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11468800,
"ParentPID": 10485968,
"Thread": 40632563,
"EventTime": "2021-09-09T06:33:16.170340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:16.422728-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468804aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468804,
"ParentPID": 10485968,
"Thread": 40632567,
"EventTime": "2021-09-09T06:33:16.183249-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:16.423454-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468804aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468804,
"ParentPID": 10485968,
"Thread": 40632567,
"EventTime": "2021-09-09T06:33:16.183249-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:16.424172-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468804aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468804,
"ParentPID": 10485968,
"Thread": 40632567,
"EventTime": "2021-09-09T06:33:16.186774-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:16.424884-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485968/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11468810,
"ParentPID": 10485968,
"Thread": 40632573,
"EventTime": "2021-09-09T06:33:16.196776-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:16.425596-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485968",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11468812,
"ParentPID": 10485968,
"Thread": 40632575,
"EventTime": "2021-09-09T06:33:16.200340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:16.426322-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485970,
"ParentPID": 9371868,
"Thread": 42991755,
"EventTime": "2021-09-09T06:33:16.200340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:16.427034-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485970,
"ParentPID": 9371868,
"Thread": 42991755,
"EventTime": "2021-09-09T06:33:16.200340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:16.427748-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371870,
"ParentPID": 5439688,
"Thread": 35455055,
"EventTime": "2021-09-09T06:33:16.708150-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:16.728987-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485972.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485972,
"ParentPID": 9371870,
"Thread": 42991757,
"EventTime": "2021-09-09T06:33:16.838491-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:17.031431-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485972",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11468828,
"ParentPID": 10485972,
"Thread": 40632335,
"EventTime": "2021-09-09T06:33:16.870340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:17.032197-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11468828,
"ParentPID": 10485972,
"Thread": 40632335,
"EventTime": "2021-09-09T06:33:16.878540-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:17.032936-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468832aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468832,
"ParentPID": 10485972,
"Thread": 40632339,
"EventTime": "2021-09-09T06:33:16.883749-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:17.033661-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468832aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468832,
"ParentPID": 10485972,
"Thread": 40632339,
"EventTime": "2021-09-09T06:33:16.888543-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:17.034386-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468832aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468832,
"ParentPID": 10485972,
"Thread": 40632339,
"EventTime": "2021-09-09T06:33:16.890340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:17.035100-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485972/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11468838,
"ParentPID": 10485972,
"Thread": 40632345,
"EventTime": "2021-09-09T06:33:16.900340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:17.035816-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485972",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11468840,
"ParentPID": 10485972,
"Thread": 40632347,
"EventTime": "2021-09-09T06:33:16.901805-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:17.036552-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485974,
"ParentPID": 9371870,
"Thread": 42991759,
"EventTime": "2021-09-09T06:33:16.901805-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:17.037266-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485974,
"ParentPID": 9371870,
"Thread": 42991759,
"EventTime": "2021-09-09T06:33:16.901805-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:17.037979-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371872,
"ParentPID": 5439688,
"Thread": 35455057,
"EventTime": "2021-09-09T06:33:17.971248-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:18.242643-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485976.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485976,
"ParentPID": 9371872,
"Thread": 42991761,
"EventTime": "2021-09-09T06:33:18.102654-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:18.243457-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485976",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11468856,
"ParentPID": 10485976,
"Thread": 40632363,
"EventTime": "2021-09-09T06:33:18.131588-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:18.244197-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11468856,
"ParentPID": 10485976,
"Thread": 40632363,
"EventTime": "2021-09-09T06:33:18.141590-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:18.244919-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468860aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468860,
"ParentPID": 10485976,
"Thread": 40632367,
"EventTime": "2021-09-09T06:33:18.152667-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:18.245642-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468860aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468860,
"ParentPID": 10485976,
"Thread": 40632367,
"EventTime": "2021-09-09T06:33:18.152667-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:18.246358-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468860aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468860,
"ParentPID": 10485976,
"Thread": 40632367,
"EventTime": "2021-09-09T06:33:18.152667-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:18.247072-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485976/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 11468862,
"ParentPID": 10485976,
"Thread": 40632369,
"EventTime": "2021-09-09T06:33:18.161598-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:18.247807-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485976",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 11468864,
"ParentPID": 10485976,
"Thread": 40632371,
"EventTime": "2021-09-09T06:33:18.161598-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:18.248522-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485978,
"ParentPID": 9371872,
"Thread": 42991763,
"EventTime": "2021-09-09T06:33:18.171601-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:18.249233-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485978,
"ParentPID": 9371872,
"Thread": 42991763,
"EventTime": "2021-09-09T06:33:18.171601-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:18.249937-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371874,
"ParentPID": 5439688,
"Thread": 35455059,
"EventTime": "2021-09-09T06:33:29.663838-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:29.963360-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371876,
"ParentPID": 5439688,
"Thread": 35455061,
"EventTime": "2021-09-09T06:33:31.040340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:31.168908-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371878,
"ParentPID": 5439688,
"Thread": 35455063,
"EventTime": "2021-09-09T06:33:32.429340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:32.682065-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371880,
"ParentPID": 5439688,
"Thread": 35455065,
"EventTime": "2021-09-09T06:33:33.809340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:33.895573-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485980.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485980,
"ParentPID": 9371880,
"Thread": 42991765,
"EventTime": "2021-09-09T06:33:33.939340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:34.199978-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485980",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 11468880,
"ParentPID": 10485980,
"Thread": 40632387,
"EventTime": "2021-09-09T06:33:33.969340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:34.200801-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 11468880,
"ParentPID": 10485980,
"Thread": 40632387,
"EventTime": "2021-09-09T06:33:33.979340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:34.201547-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468884aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468884,
"ParentPID": 10485980,
"Thread": 40632391,
"EventTime": "2021-09-09T06:33:33.999341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:34.202279-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.08978584",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11010050,
"ParentPID": 8978584,
"Thread": 40829177,
"EventTime": "2021-09-09T06:33:33.999341-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:34.202830-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468884aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468884,
"ParentPID": 10485980,
"Thread": 40632391,
"EventTime": "2021-09-09T06:33:33.999341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:34.203548-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm11468884aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 11468884,
"ParentPID": 10485980,
"Thread": 40632391,
"EventTime": "2021-09-09T06:33:34.004807-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:34.204268-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485980/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 8978590,
"ParentPID": 10485980,
"Thread": 20250725,
"EventTime": "2021-09-09T06:33:34.014810-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:34.205002-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485980",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 8978592,
"ParentPID": 10485980,
"Thread": 20250727,
"EventTime": "2021-09-09T06:33:34.019426-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:34.205729-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485982,
"ParentPID": 9371880,
"Thread": 42991767,
"EventTime": "2021-09-09T06:33:34.019426-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:34.206449-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485982,
"ParentPID": 9371880,
"Thread": 42991767,
"EventTime": "2021-09-09T06:33:34.019426-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:34.207162-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371882,
"ParentPID": 5439688,
"Thread": 35455067,
"EventTime": "2021-09-09T06:33:35.279340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:35.420461-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10485984.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10485984,
"ParentPID": 9371882,
"Thread": 42991769,
"EventTime": "2021-09-09T06:33:35.409340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:35.421230-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10485984",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 8978608,
"ParentPID": 10485984,
"Thread": 20250743,
"EventTime": "2021-09-09T06:33:35.449340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:35.730251-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 8978608,
"ParentPID": 10485984,
"Thread": 20250743,
"EventTime": "2021-09-09T06:33:35.449340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:35.731071-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8978612aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8978612,
"ParentPID": 10485984,
"Thread": 20250747,
"EventTime": "2021-09-09T06:33:35.459340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:35.731818-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8978612aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8978612,
"ParentPID": 10485984,
"Thread": 20250747,
"EventTime": "2021-09-09T06:33:35.459340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:35.732551-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8978612aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8978612,
"ParentPID": 10485984,
"Thread": 20250747,
"EventTime": "2021-09-09T06:33:35.469340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:35.733287-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10485984/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 8978618,
"ParentPID": 10485984,
"Thread": 20250753,
"EventTime": "2021-09-09T06:33:35.479367-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:35.734007-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10485984",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 8978620,
"ParentPID": 10485984,
"Thread": 20250755,
"EventTime": "2021-09-09T06:33:35.479778-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:35.734728-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10485986,
"ParentPID": 9371882,
"Thread": 42991771,
"EventTime": "2021-09-09T06:33:35.479778-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:35.735467-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10485986,
"ParentPID": 9371882,
"Thread": 42991771,
"EventTime": "2021-09-09T06:33:35.479778-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:35.736186-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371884,
"ParentPID": 5439688,
"Thread": 35455069,
"EventTime": "2021-09-09T06:33:36.742084-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:33:36.943512-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008978642j79qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8978642,
"ParentPID": 10485996,
"Thread": 45809769,
"EventTime": "2021-09-09T06:34:32.457341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:34:32.548592-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10486004,
"ParentPID": 9371886,
"Thread": 31653965,
"EventTime": "2021-09-09T06:34:32.477341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:34:32.549406-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008978666km9qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8978666,
"ParentPID": 10486006,
"Thread": 45809793,
"EventTime": "2021-09-09T06:34:32.574586-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:34:32.850303-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486008,
"ParentPID": 6684890,
"Thread": 32833765,
"EventTime": "2021-09-09T06:35:00.010824-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:35:00.220118-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486008,
"ParentPID": 6684890,
"Thread": 32833765,
"EventTime": "2021-09-09T06:35:00.010824-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:35:00.220950-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 05:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10486008,
"ParentPID": 6684890,
"Thread": 32833765,
"EventTime": "2021-09-09T06:35:00.010824-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:35:00.221724-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10486008,
"ParentPID": 6684890,
"Thread": 32833765,
"EventTime": "2021-09-09T06:35:00.010824-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:35:00.222461-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486010,
"ParentPID": 6684890,
"Thread": 45678835,
"EventTime": "2021-09-09T06:40:00.022737-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:40:00.143990-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486010,
"ParentPID": 6684890,
"Thread": 45678835,
"EventTime": "2021-09-09T06:40:00.022737-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:40:00.144819-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 05:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10486010,
"ParentPID": 6684890,
"Thread": 45678835,
"EventTime": "2021-09-09T06:40:00.022737-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:40:00.145575-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10486010,
"ParentPID": 6684890,
"Thread": 45678835,
"EventTime": "2021-09-09T06:40:00.022737-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:40:00.146306-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371890,
"ParentPID": 5439688,
"Thread": 37617675,
"EventTime": "2021-09-09T06:44:37.787340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:44:38.067437-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371892,
"ParentPID": 6684890,
"Thread": 34603237,
"EventTime": "2021-09-09T06:45:00.026727-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:45:00.310334-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371892,
"ParentPID": 6684890,
"Thread": 34603237,
"EventTime": "2021-09-09T06:45:00.026727-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:45:00.311156-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 05:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371892,
"ParentPID": 6684890,
"Thread": 34603237,
"EventTime": "2021-09-09T06:45:00.026727-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:45:00.311916-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371892,
"ParentPID": 6684890,
"Thread": 34603237,
"EventTime": "2021-09-09T06:45:00.026727-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:45:00.312649-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008978432em9qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8978432,
"ParentPID": 10485766,
"Thread": 40042551,
"EventTime": "2021-09-09T06:49:32.697351-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:49:32.913564-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485774,
"ParentPID": 9371894,
"Thread": 31719425,
"EventTime": "2021-09-09T06:49:32.717343-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:49:32.914376-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008978454eQ9qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8978454,
"ParentPID": 10223674,
"Thread": 40042573,
"EventTime": "2021-09-09T06:49:32.807370-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:49:32.915110-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223676,
"ParentPID": 6684890,
"Thread": 47186173,
"EventTime": "2021-09-09T06:50:00.041422-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:50:00.283176-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223676,
"ParentPID": 6684890,
"Thread": 47186173,
"EventTime": "2021-09-09T06:50:00.041422-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:50:00.284003-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 05:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223676,
"ParentPID": 6684890,
"Thread": 47186173,
"EventTime": "2021-09-09T06:50:00.041422-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:50:00.284770-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223676,
"ParentPID": 6684890,
"Thread": 47186173,
"EventTime": "2021-09-09T06:50:00.041422-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:50:00.285501-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223682,
"ParentPID": 6684890,
"Thread": 42467415,
"EventTime": "2021-09-09T06:55:00.049462-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:55:00.220344-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223682,
"ParentPID": 6684890,
"Thread": 42467415,
"EventTime": "2021-09-09T06:55:00.049462-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:55:00.221170-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 05:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223682,
"ParentPID": 6684890,
"Thread": 42467415,
"EventTime": "2021-09-09T06:55:00.049462-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:55:00.221925-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223682,
"ParentPID": 6684890,
"Thread": 42467415,
"EventTime": "2021-09-09T06:55:00.049462-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T06:55:00.222656-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223684,
"ParentPID": 6684890,
"Thread": 36372551,
"EventTime": "2021-09-09T07:00:00.059613-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:00:00.107722-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223684,
"ParentPID": 6684890,
"Thread": 36372551,
"EventTime": "2021-09-09T07:00:00.059613-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:00:00.108546-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 06:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223684,
"ParentPID": 6684890,
"Thread": 36372551,
"EventTime": "2021-09-09T07:00:00.059613-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:00:00.109302-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223684,
"ParentPID": 6684890,
"Thread": 36372551,
"EventTime": "2021-09-09T07:00:00.059613-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:00:00.110045-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961492_QCaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961492,
"ParentPID": 10223696,
"Thread": 36634843,
"EventTime": "2021-09-09T07:04:32.927532-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:04:33.234675-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10223704,
"ParentPID": 10485784,
"Thread": 49414227,
"EventTime": "2021-09-09T07:04:32.947340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:04:33.235488-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961516-7Caaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961516,
"ParentPID": 10223706,
"Thread": 36634867,
"EventTime": "2021-09-09T07:04:33.047341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:04:33.236232-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223708,
"ParentPID": 6684890,
"Thread": 34930941,
"EventTime": "2021-09-09T07:05:00.068956-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:05:00.300392-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223708,
"ParentPID": 6684890,
"Thread": 34930941,
"EventTime": "2021-09-09T07:05:00.068956-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:05:00.301221-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 06:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223708,
"ParentPID": 6684890,
"Thread": 34930941,
"EventTime": "2021-09-09T07:05:00.068956-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:05:00.301979-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223708,
"ParentPID": 6684890,
"Thread": 34930941,
"EventTime": "2021-09-09T07:05:00.068956-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:05:00.302725-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.05636142",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9371654,
"ParentPID": 5636142,
"Thread": 35848325,
"EventTime": "2021-09-09T07:05:00.088963-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:05:00.303275-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223710,
"ParentPID": 6684890,
"Thread": 34668579,
"EventTime": "2021-09-09T07:10:00.094243-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:10:00.126867-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223710,
"ParentPID": 6684890,
"Thread": 34668579,
"EventTime": "2021-09-09T07:10:00.094243-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:10:00.127696-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 06:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223710,
"ParentPID": 6684890,
"Thread": 34668579,
"EventTime": "2021-09-09T07:10:00.096340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:10:00.128458-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223710,
"ParentPID": 6684890,
"Thread": 34668579,
"EventTime": "2021-09-09T07:10:00.096340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:10:00.129193-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223712,
"ParentPID": 6684890,
"Thread": 20250793,
"EventTime": "2021-09-09T07:15:00.102717-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:15:00.293178-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10223712,
"ParentPID": 6684890,
"Thread": 20250793,
"EventTime": "2021-09-09T07:15:00.102717-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:15:00.293961-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 06:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10223712,
"ParentPID": 6684890,
"Thread": 20250793,
"EventTime": "2021-09-09T07:15:00.102717-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:15:00.294725-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10223712,
"ParentPID": 6684890,
"Thread": 20250793,
"EventTime": "2021-09-09T07:15:00.106342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:15:00.295460-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371676V70Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371676,
"ParentPID": 5636152,
"Thread": 49873037,
"EventTime": "2021-09-09T07:19:33.167403-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:19:33.418202-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636160,
"ParentPID": 10223714,
"Thread": 41681111,
"EventTime": "2021-09-09T07:19:33.187409-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:19:33.419014-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371700Wm0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371700,
"ParentPID": 5636162,
"Thread": 49873061,
"EventTime": "2021-09-09T07:19:33.287461-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:19:33.419750-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636164,
"ParentPID": 6684890,
"Thread": 34668599,
"EventTime": "2021-09-09T07:20:00.111244-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:20:00.173119-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636164,
"ParentPID": 6684890,
"Thread": 34668599,
"EventTime": "2021-09-09T07:20:00.111244-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:20:00.173932-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 06:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636164,
"ParentPID": 6684890,
"Thread": 34668599,
"EventTime": "2021-09-09T07:20:00.111244-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:20:00.174687-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636164,
"ParentPID": 6684890,
"Thread": 34668599,
"EventTime": "2021-09-09T07:20:00.116341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:20:00.175419-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636166,
"ParentPID": 6684890,
"Thread": 50004087,
"EventTime": "2021-09-09T07:25:00.119102-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:25:00.337768-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636166,
"ParentPID": 6684890,
"Thread": 50004087,
"EventTime": "2021-09-09T07:25:00.119102-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:25:00.338596-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 06:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636166,
"ParentPID": 6684890,
"Thread": 50004087,
"EventTime": "2021-09-09T07:25:00.126344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:25:00.339346-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636166,
"ParentPID": 6684890,
"Thread": 50004087,
"EventTime": "2021-09-09T07:25:00.126344-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:25:00.340084-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636168,
"ParentPID": 6684890,
"Thread": 16646389,
"EventTime": "2021-09-09T07:30:00.130435-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:30:00.230239-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636168,
"ParentPID": 6684890,
"Thread": 16646389,
"EventTime": "2021-09-09T07:30:00.130435-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:30:00.231015-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 06:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636168,
"ParentPID": 6684890,
"Thread": 16646389,
"EventTime": "2021-09-09T07:30:00.136340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:30:00.231764-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636168,
"ParentPID": 6684890,
"Thread": 16646389,
"EventTime": "2021-09-09T07:30:00.136340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:30:00.232491-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-09T07:33:05.529339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:33:05.688483-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0004718758Qmsaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 4718758,
"ParentPID": 5636182,
"Thread": 34930715,
"EventTime": "2021-09-09T07:34:33.407448-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:34:33.459184-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636190,
"ParentPID": 9371704,
"Thread": 37552369,
"EventTime": "2021-09-09T07:34:33.427894-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:34:33.459946-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0004718782QYsaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 4718782,
"ParentPID": 5636192,
"Thread": 34930739,
"EventTime": "2021-09-09T07:34:33.527488-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:34:33.767165-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371706,
"ParentPID": 6684890,
"Thread": 37093477,
"EventTime": "2021-09-09T07:35:00.139472-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:35:00.219741-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371706,
"ParentPID": 6684890,
"Thread": 37093477,
"EventTime": "2021-09-09T07:35:00.139472-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:35:00.220514-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 06:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371706,
"ParentPID": 6684890,
"Thread": 37093477,
"EventTime": "2021-09-09T07:35:00.145340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:35:00.221265-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371706,
"ParentPID": 6684890,
"Thread": 37093477,
"EventTime": "2021-09-09T07:35:00.145340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:35:00.221985-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371716,
"ParentPID": 6684890,
"Thread": 40828967,
"EventTime": "2021-09-09T07:40:00.149432-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:40:00.417761-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371716,
"ParentPID": 6684890,
"Thread": 40828967,
"EventTime": "2021-09-09T07:40:00.149432-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:40:00.418584-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 06:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371716,
"ParentPID": 6684890,
"Thread": 40828967,
"EventTime": "2021-09-09T07:40:00.155341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:40:00.419339-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371716,
"ParentPID": 6684890,
"Thread": 40828967,
"EventTime": "2021-09-09T07:40:00.156194-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:40:00.420075-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371722,
"ParentPID": 6684890,
"Thread": 50135277,
"EventTime": "2021-09-09T07:45:00.161877-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:45:00.300175-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371722,
"ParentPID": 6684890,
"Thread": 50135277,
"EventTime": "2021-09-09T07:45:00.161877-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:45:00.301010-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 06:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371722,
"ParentPID": 6684890,
"Thread": 50135277,
"EventTime": "2021-09-09T07:45:00.165340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:45:00.301781-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371722,
"ParentPID": 6684890,
"Thread": 50135277,
"EventTime": "2021-09-09T07:45:00.165340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:45:00.302525-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8978502,
"ParentPID": 5439688,
"Thread": 31719445,
"EventTime": "2021-09-09T07:46:34.217330-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:34.330819-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371726.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371726,
"ParentPID": 8978502,
"Thread": 49086465,
"EventTime": "2021-09-09T07:46:34.347713-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:34.633179-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371726",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961562,
"ParentPID": 9371726,
"Thread": 35848353,
"EventTime": "2021-09-09T07:46:34.377722-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:34.633993-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961562,
"ParentPID": 9371726,
"Thread": 35848353,
"EventTime": "2021-09-09T07:46:34.382340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:34.634749-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961566aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961566,
"ParentPID": 9371726,
"Thread": 35848357,
"EventTime": "2021-09-09T07:46:34.392340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:34.635471-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961566aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961566,
"ParentPID": 9371726,
"Thread": 35848357,
"EventTime": "2021-09-09T07:46:34.397728-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:34.636193-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961566aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961566,
"ParentPID": 9371726,
"Thread": 35848357,
"EventTime": "2021-09-09T07:46:34.397728-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:34.636904-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371726/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961568,
"ParentPID": 9371726,
"Thread": 35848359,
"EventTime": "2021-09-09T07:46:34.407731-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:34.637616-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371726",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961570,
"ParentPID": 9371726,
"Thread": 35848361,
"EventTime": "2021-09-09T07:46:34.412889-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:34.638346-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371728,
"ParentPID": 8978502,
"Thread": 49086467,
"EventTime": "2021-09-09T07:46:34.412889-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:34.639063-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371728,
"ParentPID": 8978502,
"Thread": 49086467,
"EventTime": "2021-09-09T07:46:34.412889-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:34.639769-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8978504,
"ParentPID": 5439688,
"Thread": 31719447,
"EventTime": "2021-09-09T07:46:34.930137-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:34.943156-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9371730.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9371730,
"ParentPID": 8978504,
"Thread": 49086469,
"EventTime": "2021-09-09T07:46:35.059533-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:35.250777-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9371730",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961586,
"ParentPID": 9371730,
"Thread": 35848377,
"EventTime": "2021-09-09T07:46:35.092340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:35.251588-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961586,
"ParentPID": 9371730,
"Thread": 35848377,
"EventTime": "2021-09-09T07:46:35.099587-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:35.252322-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961590aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961590,
"ParentPID": 9371730,
"Thread": 35848381,
"EventTime": "2021-09-09T07:46:35.109590-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:35.253081-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961590aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961590,
"ParentPID": 9371730,
"Thread": 35848381,
"EventTime": "2021-09-09T07:46:35.109590-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:35.253852-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961590aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961590,
"ParentPID": 9371730,
"Thread": 35848381,
"EventTime": "2021-09-09T07:46:35.112340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:35.254564-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.08192000",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 11468964,
"ParentPID": 8192000,
"Thread": 48234703,
"EventTime": "2021-09-09T07:46:35.132340-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:35.255096-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9371730/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961596,
"ParentPID": 9371730,
"Thread": 35848387,
"EventTime": "2021-09-09T07:46:35.132340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:35.255816-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9371730",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961598,
"ParentPID": 9371730,
"Thread": 35848389,
"EventTime": "2021-09-09T07:46:35.132340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:35.256521-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9371732,
"ParentPID": 8978504,
"Thread": 49086471,
"EventTime": "2021-09-09T07:46:35.142340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:35.257223-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371732,
"ParentPID": 8978504,
"Thread": 49086471,
"EventTime": "2021-09-09T07:46:35.142340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:46:35.257925-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961620KUCaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961620,
"ParentPID": 9371748,
"Thread": 36307093,
"EventTime": "2021-09-09T07:49:33.646340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:49:33.816355-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371756,
"ParentPID": 8978516,
"Thread": 30539847,
"EventTime": "2021-09-09T07:49:33.666428-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:49:33.817209-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961644LECaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961644,
"ParentPID": 9371758,
"Thread": 36307117,
"EventTime": "2021-09-09T07:49:33.766341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:49:33.818018-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961648,
"ParentPID": 6684890,
"Thread": 29556837,
"EventTime": "2021-09-09T07:50:00.173787-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:50:00.274681-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961648,
"ParentPID": 6684890,
"Thread": 29556837,
"EventTime": "2021-09-09T07:50:00.173787-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:50:00.275539-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 06:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961648,
"ParentPID": 6684890,
"Thread": 29556837,
"EventTime": "2021-09-09T07:50:00.175340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:50:00.276306-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961648,
"ParentPID": 6684890,
"Thread": 29556837,
"EventTime": "2021-09-09T07:50:00.175340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:50:00.277087-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961650,
"ParentPID": 6684890,
"Thread": 31588421,
"EventTime": "2021-09-09T07:55:00.180005-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:55:00.481223-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961650,
"ParentPID": 6684890,
"Thread": 31588421,
"EventTime": "2021-09-09T07:55:00.180005-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:55:00.482004-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 06:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961650,
"ParentPID": 6684890,
"Thread": 31588421,
"EventTime": "2021-09-09T07:55:00.185340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:55:00.482764-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961650,
"ParentPID": 6684890,
"Thread": 31588421,
"EventTime": "2021-09-09T07:55:00.185340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:55:00.483496-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961652,
"ParentPID": 5439688,
"Thread": 31588423,
"EventTime": "2021-09-09T07:55:32.246766-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T07:55:32.357973-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961654,
"ParentPID": 6684890,
"Thread": 49283125,
"EventTime": "2021-09-09T08:00:00.190567-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:00:00.341503-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961654,
"ParentPID": 6684890,
"Thread": 49283125,
"EventTime": "2021-09-09T08:00:00.190567-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:00:00.342330-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 07:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961654,
"ParentPID": 6684890,
"Thread": 49283125,
"EventTime": "2021-09-09T08:00:00.190567-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:00:00.343087-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961654,
"ParentPID": 6684890,
"Thread": 49283125,
"EventTime": "2021-09-09T08:00:00.195340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:00:00.343825-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011469000FAHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11469000,
"ParentPID": 9961670,
"Thread": 35389501,
"EventTime": "2021-09-09T08:04:33.889596-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:04:34.097519-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9961678,
"ParentPID": 8978528,
"Thread": 36438229,
"EventTime": "2021-09-09T08:04:33.908854-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:04:34.098339-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011469024GuHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11469024,
"ParentPID": 9961680,
"Thread": 35389525,
"EventTime": "2021-09-09T08:04:34.008921-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:04:34.099076-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961682,
"ParentPID": 6684890,
"Thread": 44630073,
"EventTime": "2021-09-09T08:05:00.200629-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:05:00.248234-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961682,
"ParentPID": 6684890,
"Thread": 44630073,
"EventTime": "2021-09-09T08:05:00.200629-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:05:00.249201-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 07:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961682,
"ParentPID": 6684890,
"Thread": 44630073,
"EventTime": "2021-09-09T08:05:00.200629-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:05:00.249973-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961682,
"ParentPID": 6684890,
"Thread": 44630073,
"EventTime": "2021-09-09T08:05:00.200629-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:05:00.250726-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961684,
"ParentPID": 5439688,
"Thread": 36438239,
"EventTime": "2021-09-09T08:06:26.192341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:06:26.462435-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961686,
"ParentPID": 5439688,
"Thread": 36438241,
"EventTime": "2021-09-09T08:06:27.322340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:06:27.369723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961688,
"ParentPID": 5439688,
"Thread": 36438243,
"EventTime": "2021-09-09T08:06:27.589417-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:06:27.673165-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961690,
"ParentPID": 5439688,
"Thread": 36438245,
"EventTime": "2021-09-09T08:06:27.722340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:06:27.983224-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961692,
"ParentPID": 5439688,
"Thread": 36438247,
"EventTime": "2021-09-09T08:06:27.990524-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:06:28.292144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961694,
"ParentPID": 5439688,
"Thread": 36438249,
"EventTime": "2021-09-09T08:06:28.259949-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:06:28.293001-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961696,
"ParentPID": 5439688,
"Thread": 36438251,
"EventTime": "2021-09-09T08:06:28.522340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:06:28.603130-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961698,
"ParentPID": 5439688,
"Thread": 36438253,
"EventTime": "2021-09-09T08:06:28.787516-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:06:28.913244-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961700,
"ParentPID": 5439688,
"Thread": 36438255,
"EventTime": "2021-09-09T08:06:29.043454-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:06:29.214759-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961702,
"ParentPID": 5439688,
"Thread": 36438257,
"EventTime": "2021-09-09T08:06:29.312340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:06:29.518906-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961704,
"ParentPID": 6684890,
"Thread": 39321687,
"EventTime": "2021-09-09T08:10:00.210409-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:10:00.486097-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961704,
"ParentPID": 6684890,
"Thread": 39321687,
"EventTime": "2021-09-09T08:10:00.210409-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:10:00.486922-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 07:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961704,
"ParentPID": 6684890,
"Thread": 39321687,
"EventTime": "2021-09-09T08:10:00.215340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:10:00.487675-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961704,
"ParentPID": 6684890,
"Thread": 39321687,
"EventTime": "2021-09-09T08:10:00.215340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:10:00.488403-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961706,
"ParentPID": 6684890,
"Thread": 31654021,
"EventTime": "2021-09-09T08:15:00.220214-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:15:00.369698-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961706,
"ParentPID": 6684890,
"Thread": 31654021,
"EventTime": "2021-09-09T08:15:00.220214-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:15:00.370470-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 07:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961706,
"ParentPID": 6684890,
"Thread": 31654021,
"EventTime": "2021-09-09T08:15:00.220214-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:15:00.371222-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961706,
"ParentPID": 6684890,
"Thread": 31654021,
"EventTime": "2021-09-09T08:15:00.220214-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:15:00.371947-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011469046AqHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11469046,
"ParentPID": 8978538,
"Thread": 39256263,
"EventTime": "2021-09-09T08:19:34.128346-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:19:34.156205-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8978546,
"ParentPID": 9961708,
"Thread": 39846059,
"EventTime": "2021-09-09T08:19:34.148354-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:19:34.157029-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468814BaHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468814,
"ParentPID": 8978548,
"Thread": 39256287,
"EventTime": "2021-09-09T08:19:34.248439-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:19:34.459797-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 50135043,
"EventTime": "2021-09-09T08:20:00.228762-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:20:00.309149-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 50135043,
"EventTime": "2021-09-09T08:20:00.228762-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:20:00.309974-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 07:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 50135043,
"EventTime": "2021-09-09T08:20:00.228762-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:20:00.310726-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371794,
"ParentPID": 6684890,
"Thread": 50135043,
"EventTime": "2021-09-09T08:20:00.228762-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:20:00.311452-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371796,
"ParentPID": 6684890,
"Thread": 41746513,
"EventTime": "2021-09-09T08:25:00.240296-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:25:00.521911-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371796,
"ParentPID": 6684890,
"Thread": 41746513,
"EventTime": "2021-09-09T08:25:00.240296-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:25:00.522675-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 07:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371796,
"ParentPID": 6684890,
"Thread": 41746513,
"EventTime": "2021-09-09T08:25:00.240296-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:25:00.523415-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371796,
"ParentPID": 6684890,
"Thread": 41746513,
"EventTime": "2021-09-09T08:25:00.240296-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:25:00.524135-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.08192050",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9961710,
"ParentPID": 8192050,
"Thread": 39911443,
"EventTime": "2021-09-09T08:25:00.260302-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:25:00.524682-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371798,
"ParentPID": 6684890,
"Thread": 46530751,
"EventTime": "2021-09-09T08:30:00.260995-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:30:00.397895-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371798,
"ParentPID": 6684890,
"Thread": 46530751,
"EventTime": "2021-09-09T08:30:00.260995-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:30:00.398729-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 07:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371798,
"ParentPID": 6684890,
"Thread": 46530751,
"EventTime": "2021-09-09T08:30:00.260995-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:30:00.399482-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371798,
"ParentPID": 6684890,
"Thread": 46530751,
"EventTime": "2021-09-09T08:30:00.260995-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:30:00.400218-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371800,
"ParentPID": 5439688,
"Thread": 46530759,
"EventTime": "2021-09-09T08:32:16.884066-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:17.153102-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192052.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192052,
"ParentPID": 9371800,
"Thread": 32112731,
"EventTime": "2021-09-09T08:32:17.020365-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:17.153910-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192052",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961726,
"ParentPID": 8192052,
"Thread": 39256307,
"EventTime": "2021-09-09T08:32:17.052150-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:17.154656-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961726,
"ParentPID": 8192052,
"Thread": 39256307,
"EventTime": "2021-09-09T08:32:17.054417-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:17.155388-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961474aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961474,
"ParentPID": 8192052,
"Thread": 39256311,
"EventTime": "2021-09-09T08:32:17.064420-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:17.156114-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961474aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961474,
"ParentPID": 8192052,
"Thread": 39256311,
"EventTime": "2021-09-09T08:32:17.064420-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:17.156825-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961474aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961474,
"ParentPID": 8192052,
"Thread": 39256311,
"EventTime": "2021-09-09T08:32:17.070340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:17.157530-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192052/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961480,
"ParentPID": 8192052,
"Thread": 39256317,
"EventTime": "2021-09-09T08:32:17.080340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:17.158254-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192052",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961482,
"ParentPID": 8192052,
"Thread": 39256319,
"EventTime": "2021-09-09T08:32:17.084425-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:17.158961-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192054,
"ParentPID": 9371800,
"Thread": 32112733,
"EventTime": "2021-09-09T08:32:17.084425-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:17.159665-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192054,
"ParentPID": 9371800,
"Thread": 32112733,
"EventTime": "2021-09-09T08:32:17.084425-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:17.160505-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371802,
"ParentPID": 5439688,
"Thread": 46530761,
"EventTime": "2021-09-09T08:32:18.502175-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:18.670137-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192056.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192056,
"ParentPID": 9371802,
"Thread": 32112735,
"EventTime": "2021-09-09T08:32:18.637767-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:18.670950-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192056",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961498,
"ParentPID": 8192056,
"Thread": 39256079,
"EventTime": "2021-09-09T08:32:18.669340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:18.979369-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961498,
"ParentPID": 8192056,
"Thread": 39256079,
"EventTime": "2021-09-09T08:32:18.669340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:18.980141-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961502aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961502,
"ParentPID": 8192056,
"Thread": 39256083,
"EventTime": "2021-09-09T08:32:18.683293-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:18.980933-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961502aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961502,
"ParentPID": 8192056,
"Thread": 39256083,
"EventTime": "2021-09-09T08:32:18.687786-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:18.981662-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961502aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961502,
"ParentPID": 8192056,
"Thread": 39256083,
"EventTime": "2021-09-09T08:32:18.689340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:18.982390-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192056/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961508,
"ParentPID": 8192056,
"Thread": 39256089,
"EventTime": "2021-09-09T08:32:18.699829-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:18.983095-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192056",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961510,
"ParentPID": 8192056,
"Thread": 39256091,
"EventTime": "2021-09-09T08:32:18.702877-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:18.983808-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192058,
"ParentPID": 9371802,
"Thread": 32112737,
"EventTime": "2021-09-09T08:32:18.702877-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:18.984591-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192058,
"ParentPID": 9371802,
"Thread": 32112737,
"EventTime": "2021-09-09T08:32:18.702877-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:18.985305-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371804,
"ParentPID": 5439688,
"Thread": 46530763,
"EventTime": "2021-09-09T08:32:20.823429-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:21.094910-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192060.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192060,
"ParentPID": 9371804,
"Thread": 32112739,
"EventTime": "2021-09-09T08:32:20.955270-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:21.095724-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192060",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961528,
"ParentPID": 8192060,
"Thread": 39256109,
"EventTime": "2021-09-09T08:32:20.985542-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:21.096471-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961528,
"ParentPID": 8192060,
"Thread": 39256109,
"EventTime": "2021-09-09T08:32:20.993820-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:21.097207-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961532aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961532,
"ParentPID": 8192060,
"Thread": 39256113,
"EventTime": "2021-09-09T08:32:20.999340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:21.097939-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961532aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961532,
"ParentPID": 8192060,
"Thread": 39256113,
"EventTime": "2021-09-09T08:32:21.003823-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:21.098656-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961532aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961532,
"ParentPID": 8192060,
"Thread": 39256113,
"EventTime": "2021-09-09T08:32:21.005326-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:21.099398-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192060/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961534,
"ParentPID": 8192060,
"Thread": 39256115,
"EventTime": "2021-09-09T08:32:21.013827-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:21.100144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192060",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961536,
"ParentPID": 8192060,
"Thread": 39256117,
"EventTime": "2021-09-09T08:32:21.019340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:21.100907-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192062,
"ParentPID": 9371804,
"Thread": 32112741,
"EventTime": "2021-09-09T08:32:21.019340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:21.101624-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192062,
"ParentPID": 9371804,
"Thread": 32112741,
"EventTime": "2021-09-09T08:32:21.019340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:21.102336-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371806,
"ParentPID": 5439688,
"Thread": 46530765,
"EventTime": "2021-09-09T08:32:32.849340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:33.119180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371808,
"ParentPID": 5439688,
"Thread": 46530767,
"EventTime": "2021-09-09T08:32:34.230179-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:34.331333-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371810,
"ParentPID": 5439688,
"Thread": 46530769,
"EventTime": "2021-09-09T08:32:35.619971-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:35.845332-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371812,
"ParentPID": 5439688,
"Thread": 46530771,
"EventTime": "2021-09-09T08:32:36.999340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:37.058662-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192064.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192064,
"ParentPID": 9371812,
"Thread": 32112743,
"EventTime": "2021-09-09T08:32:37.129340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:37.360215-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192064",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961552,
"ParentPID": 8192064,
"Thread": 39256133,
"EventTime": "2021-09-09T08:32:37.159340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:37.361037-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961552,
"ParentPID": 8192064,
"Thread": 39256133,
"EventTime": "2021-09-09T08:32:37.171017-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:37.361778-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961556aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961556,
"ParentPID": 8192064,
"Thread": 39256137,
"EventTime": "2021-09-09T08:32:37.179340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:37.362510-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961556aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961556,
"ParentPID": 8192064,
"Thread": 39256137,
"EventTime": "2021-09-09T08:32:37.179340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:37.363246-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961556aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961556,
"ParentPID": 8192064,
"Thread": 39256137,
"EventTime": "2021-09-09T08:32:37.179340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:37.363963-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192064/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961562,
"ParentPID": 8192064,
"Thread": 39256143,
"EventTime": "2021-09-09T08:32:37.194591-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:37.364681-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192064",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961564,
"ParentPID": 8192064,
"Thread": 39256145,
"EventTime": "2021-09-09T08:32:37.199424-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:37.365422-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192066,
"ParentPID": 9371812,
"Thread": 32112745,
"EventTime": "2021-09-09T08:32:37.199424-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:37.366142-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192066,
"ParentPID": 9371812,
"Thread": 32112745,
"EventTime": "2021-09-09T08:32:37.199424-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:37.366857-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371814,
"ParentPID": 5439688,
"Thread": 46530773,
"EventTime": "2021-09-09T08:32:38.461429-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:38.572557-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh8192068.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 8192068,
"ParentPID": 9371814,
"Thread": 32112747,
"EventTime": "2021-09-09T08:32:38.591701-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:38.876711-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.8192068",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961580,
"ParentPID": 8192068,
"Thread": 39256161,
"EventTime": "2021-09-09T08:32:38.622902-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:38.877533-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961580,
"ParentPID": 8192068,
"Thread": 39256161,
"EventTime": "2021-09-09T08:32:38.631713-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:38.878275-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961584aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961584,
"ParentPID": 8192068,
"Thread": 39256165,
"EventTime": "2021-09-09T08:32:38.641720-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:38.879008-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961584aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961584,
"ParentPID": 8192068,
"Thread": 39256165,
"EventTime": "2021-09-09T08:32:38.641720-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:38.879775-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9961584aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9961584,
"ParentPID": 8192068,
"Thread": 39256165,
"EventTime": "2021-09-09T08:32:38.644188-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:38.880551-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.8192068/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9961590,
"ParentPID": 8192068,
"Thread": 39256171,
"EventTime": "2021-09-09T08:32:38.651724-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:38.881277-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.8192068",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9961592,
"ParentPID": 8192068,
"Thread": 39256173,
"EventTime": "2021-09-09T08:32:38.659340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:38.882019-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 8192070,
"ParentPID": 9371814,
"Thread": 32112749,
"EventTime": "2021-09-09T08:32:38.661728-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:38.882762-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192070,
"ParentPID": 9371814,
"Thread": 32112749,
"EventTime": "2021-09-09T08:32:38.661728-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:38.883480-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09961594",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 8978612,
"ParentPID": 9961594,
"Thread": 20250653,
"EventTime": "2021-09-09T08:32:38.673445-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:38.884013-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371816,
"ParentPID": 5439688,
"Thread": 46530775,
"EventTime": "2021-09-09T08:32:39.919340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:32:40.096630-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-09T08:33:05.404320-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:33:05.647954-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00099616165YCaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961616,
"ParentPID": 8192080,
"Thread": 46268419,
"EventTime": "2021-09-09T08:34:34.369298-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:34:34.640417-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 8192088,
"ParentPID": 9371818,
"Thread": 36438049,
"EventTime": "2021-09-09T08:34:34.389063-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:34:34.641252-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00099616406ICaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961640,
"ParentPID": 8192090,
"Thread": 46268443,
"EventTime": "2021-09-09T08:34:34.489144-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:34:34.641996-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371820,
"ParentPID": 6684890,
"Thread": 31654055,
"EventTime": "2021-09-09T08:35:00.268830-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:35:00.480298-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371820,
"ParentPID": 6684890,
"Thread": 31654055,
"EventTime": "2021-09-09T08:35:00.268830-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:35:00.481141-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 07:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371820,
"ParentPID": 6684890,
"Thread": 31654055,
"EventTime": "2021-09-09T08:35:00.268830-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:35:00.481910-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371820,
"ParentPID": 6684890,
"Thread": 31654055,
"EventTime": "2021-09-09T08:35:00.268830-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:35:00.482655-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371822,
"ParentPID": 6684890,
"Thread": 38076671,
"EventTime": "2021-09-09T08:40:00.284341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:40:00.471704-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371822,
"ParentPID": 6684890,
"Thread": 38076671,
"EventTime": "2021-09-09T08:40:00.284341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:40:00.472489-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 07:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371822,
"ParentPID": 6684890,
"Thread": 38076671,
"EventTime": "2021-09-09T08:40:00.285623-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:40:00.473251-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371822,
"ParentPID": 6684890,
"Thread": 38076671,
"EventTime": "2021-09-09T08:40:00.285623-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:40:00.473988-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 8192094,
"ParentPID": 5439688,
"Thread": 42074213,
"EventTime": "2021-09-09T08:43:30.497758-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:43:30.798405-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192096,
"ParentPID": 6684890,
"Thread": 48758843,
"EventTime": "2021-09-09T08:45:00.294339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:45:00.344235-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192096,
"ParentPID": 6684890,
"Thread": 48758843,
"EventTime": "2021-09-09T08:45:00.294339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:45:00.345105-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 07:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192096,
"ParentPID": 6684890,
"Thread": 48758843,
"EventTime": "2021-09-09T08:45:00.294339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:45:00.345913-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192096,
"ParentPID": 6684890,
"Thread": 48758843,
"EventTime": "2021-09-09T08:45:00.294339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:45:00.346647-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961662zECaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961662,
"ParentPID": 9371834,
"Thread": 36438079,
"EventTime": "2021-09-09T08:49:34.607074-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:49:34.709208-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371842,
"ParentPID": 8192098,
"Thread": 16646183,
"EventTime": "2021-09-09T08:49:34.627085-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:49:34.709969-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC00099616861yCaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961686,
"ParentPID": 9371844,
"Thread": 36438103,
"EventTime": "2021-09-09T08:49:34.724340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:49:35.015220-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192100,
"ParentPID": 6684890,
"Thread": 29884547,
"EventTime": "2021-09-09T08:50:00.303340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:50:00.534767-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192100,
"ParentPID": 6684890,
"Thread": 29884547,
"EventTime": "2021-09-09T08:50:00.303340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:50:00.535598-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 07:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192100,
"ParentPID": 6684890,
"Thread": 29884547,
"EventTime": "2021-09-09T08:50:00.303340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:50:00.536355-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192100,
"ParentPID": 6684890,
"Thread": 29884547,
"EventTime": "2021-09-09T08:50:00.303340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:50:00.537095-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192102,
"ParentPID": 6684890,
"Thread": 42074239,
"EventTime": "2021-09-09T08:55:00.310554-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:55:00.491972-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 8192102,
"ParentPID": 6684890,
"Thread": 42074239,
"EventTime": "2021-09-09T08:55:00.310554-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:55:00.492744-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 07:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 8192102,
"ParentPID": 6684890,
"Thread": 42074239,
"EventTime": "2021-09-09T08:55:00.310554-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:55:00.493512-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 8192102,
"ParentPID": 6684890,
"Thread": 42074239,
"EventTime": "2021-09-09T08:55:00.310554-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T08:55:00.494289-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371850,
"ParentPID": 6684890,
"Thread": 41156779,
"EventTime": "2021-09-09T09:00:00.322340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:00:00.411341-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371850,
"ParentPID": 6684890,
"Thread": 41156779,
"EventTime": "2021-09-09T09:00:00.322340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:00:00.412160-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 08:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371850,
"ParentPID": 6684890,
"Thread": 41156779,
"EventTime": "2021-09-09T09:00:00.322340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:00:00.412960-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371850,
"ParentPID": 6684890,
"Thread": 41156779,
"EventTime": "2021-09-09T09:00:00.322340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:00:00.413853-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008978658uu9qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8978658,
"ParentPID": 9371862,
"Thread": 47317183,
"EventTime": "2021-09-09T09:04:34.843341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:04:35.033510-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371870,
"ParentPID": 8192112,
"Thread": 29098091,
"EventTime": "2021-09-09T09:04:34.863484-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:04:35.034342-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485830vaEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485830,
"ParentPID": 9371872,
"Thread": 27656383,
"EventTime": "2021-09-09T09:04:34.956377-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:04:35.035092-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371874,
"ParentPID": 6684890,
"Thread": 31654079,
"EventTime": "2021-09-09T09:05:00.332340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:05:00.588940-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371874,
"ParentPID": 6684890,
"Thread": 31654079,
"EventTime": "2021-09-09T09:05:00.332340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:05:00.589723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 08:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371874,
"ParentPID": 6684890,
"Thread": 31654079,
"EventTime": "2021-09-09T09:05:00.332340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:05:00.590488-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371874,
"ParentPID": 6684890,
"Thread": 31654079,
"EventTime": "2021-09-09T09:05:00.332340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:05:00.591248-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485838,
"ParentPID": 6684890,
"Thread": 23855173,
"EventTime": "2021-09-09T09:10:00.340652-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:10:00.511931-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485838,
"ParentPID": 6684890,
"Thread": 23855173,
"EventTime": "2021-09-09T09:10:00.340652-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:10:00.512766-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 08:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485838,
"ParentPID": 6684890,
"Thread": 23855173,
"EventTime": "2021-09-09T09:10:00.340652-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:10:00.513575-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485838,
"ParentPID": 6684890,
"Thread": 23855173,
"EventTime": "2021-09-09T09:10:00.340652-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:10:00.514314-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485840,
"ParentPID": 6684890,
"Thread": 43385085,
"EventTime": "2021-09-09T09:15:00.352649-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:15:00.409718-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485840,
"ParentPID": 6684890,
"Thread": 43385085,
"EventTime": "2021-09-09T09:15:00.352649-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:15:00.410548-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 08:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485840,
"ParentPID": 6684890,
"Thread": 43385085,
"EventTime": "2021-09-09T09:15:00.352649-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:15:00.411310-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485840,
"ParentPID": 6684890,
"Thread": 43385085,
"EventTime": "2021-09-09T09:15:00.352649-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:15:00.412048-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961716paCaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961716,
"ParentPID": 9371890,
"Thread": 39846099,
"EventTime": "2021-09-09T09:19:35.086871-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:19:35.300115-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371898,
"ParentPID": 10485842,
"Thread": 31916131,
"EventTime": "2021-09-09T09:19:35.103340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:19:35.300882-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961484pICaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961484,
"ParentPID": 9371900,
"Thread": 39846123,
"EventTime": "2021-09-09T09:19:35.203341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:19:35.301627-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485844,
"ParentPID": 6684890,
"Thread": 38207495,
"EventTime": "2021-09-09T09:20:00.362340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:20:00.558811-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485844,
"ParentPID": 6684890,
"Thread": 38207495,
"EventTime": "2021-09-09T09:20:00.362340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:20:00.559634-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 08:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485844,
"ParentPID": 6684890,
"Thread": 38207495,
"EventTime": "2021-09-09T09:20:00.362340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:20:00.560392-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485844,
"ParentPID": 6684890,
"Thread": 38207495,
"EventTime": "2021-09-09T09:20:00.362340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:20:00.561125-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.09371902",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9961486,
"ParentPID": 9371902,
"Thread": 39846125,
"EventTime": "2021-09-09T09:20:00.377252-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:20:00.561675-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485846,
"ParentPID": 6684890,
"Thread": 50004147,
"EventTime": "2021-09-09T09:25:00.382364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:25:00.391798-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485846,
"ParentPID": 6684890,
"Thread": 50004147,
"EventTime": "2021-09-09T09:25:00.382364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:25:00.392637-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 08:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485846,
"ParentPID": 6684890,
"Thread": 50004147,
"EventTime": "2021-09-09T09:25:00.382364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:25:00.393398-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485846,
"ParentPID": 6684890,
"Thread": 50004147,
"EventTime": "2021-09-09T09:25:00.382364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:25:00.394132-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485848,
"ParentPID": 6684890,
"Thread": 48758867,
"EventTime": "2021-09-09T09:30:00.392220-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:30:00.613693-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485848,
"ParentPID": 6684890,
"Thread": 48758867,
"EventTime": "2021-09-09T09:30:00.392220-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:30:00.614462-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 08:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485848,
"ParentPID": 6684890,
"Thread": 48758867,
"EventTime": "2021-09-09T09:30:00.392220-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:30:00.615210-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485848,
"ParentPID": 6684890,
"Thread": 48758867,
"EventTime": "2021-09-09T09:30:00.392220-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:30:00.615943-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-09T09:33:05.285363-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:33:05.421358-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961508jICaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961508,
"ParentPID": 9371656,
"Thread": 43253801,
"EventTime": "2021-09-09T09:34:35.322341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:34:35.589263-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371664,
"ParentPID": 10485852,
"Thread": 38207529,
"EventTime": "2021-09-09T09:34:35.342424-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:34:35.590072-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009961532kyCaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9961532,
"ParentPID": 9371666,
"Thread": 43253825,
"EventTime": "2021-09-09T09:34:35.440620-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:34:35.590802-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371668,
"ParentPID": 6684890,
"Thread": 37617765,
"EventTime": "2021-09-09T09:35:00.406126-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:35:00.540466-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371668,
"ParentPID": 6684890,
"Thread": 37617765,
"EventTime": "2021-09-09T09:35:00.406126-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:35:00.541283-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 08:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371668,
"ParentPID": 6684890,
"Thread": 37617765,
"EventTime": "2021-09-09T09:35:00.406126-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:35:00.542107-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371668,
"ParentPID": 6684890,
"Thread": 37617765,
"EventTime": "2021-09-09T09:35:00.411340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:35:00.542896-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371670,
"ParentPID": 6684890,
"Thread": 42860759,
"EventTime": "2021-09-09T09:40:00.416545-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:40:00.717496-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9371670,
"ParentPID": 6684890,
"Thread": 42860759,
"EventTime": "2021-09-09T09:40:00.416545-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:40:00.718319-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 08:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9371670,
"ParentPID": 6684890,
"Thread": 42860759,
"EventTime": "2021-09-09T09:40:00.416545-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:40:00.719067-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9371670,
"ParentPID": 6684890,
"Thread": 42860759,
"EventTime": "2021-09-09T09:40:00.416545-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:40:00.719793-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371672,
"ParentPID": 5439688,
"Thread": 42860767,
"EventTime": "2021-09-09T09:42:08.697340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:08.748120-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9961534.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9961534,
"ParentPID": 9371672,
"Thread": 43253829,
"EventTime": "2021-09-09T09:42:08.827415-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:09.049568-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9961534",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 8978446,
"ParentPID": 9961534,
"Thread": 38207561,
"EventTime": "2021-09-09T09:42:08.867425-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:09.050382-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 8978446,
"ParentPID": 9961534,
"Thread": 38207561,
"EventTime": "2021-09-09T09:42:08.867425-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:09.051117-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8978450aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8978450,
"ParentPID": 9961534,
"Thread": 38207565,
"EventTime": "2021-09-09T09:42:08.877428-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:09.051845-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8978450aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8978450,
"ParentPID": 9961534,
"Thread": 38207565,
"EventTime": "2021-09-09T09:42:08.877428-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:09.052568-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8978450aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8978450,
"ParentPID": 9961534,
"Thread": 38207565,
"EventTime": "2021-09-09T09:42:08.887340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:09.053276-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9961534/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 8978456,
"ParentPID": 9961534,
"Thread": 38207571,
"EventTime": "2021-09-09T09:42:08.898635-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:09.053987-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9961534",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 8978458,
"ParentPID": 9961534,
"Thread": 38207573,
"EventTime": "2021-09-09T09:42:08.898635-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:09.054722-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9961536,
"ParentPID": 9371672,
"Thread": 43253831,
"EventTime": "2021-09-09T09:42:08.898635-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:09.055432-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961536,
"ParentPID": 9371672,
"Thread": 43253831,
"EventTime": "2021-09-09T09:42:08.898635-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:09.056139-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9371674,
"ParentPID": 5439688,
"Thread": 42860769,
"EventTime": "2021-09-09T09:42:10.471677-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:10.562922-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh9961538.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 9961538,
"ParentPID": 9371674,
"Thread": 43253833,
"EventTime": "2021-09-09T09:42:10.602048-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:10.868172-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.9961538",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 8978474,
"ParentPID": 9961538,
"Thread": 38207589,
"EventTime": "2021-09-09T09:42:10.637340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:10.868976-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 8978474,
"ParentPID": 9961538,
"Thread": 38207589,
"EventTime": "2021-09-09T09:42:10.642062-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:10.869718-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8978478aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8978478,
"ParentPID": 9961538,
"Thread": 38207593,
"EventTime": "2021-09-09T09:42:10.652065-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:10.870440-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8978478aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8978478,
"ParentPID": 9961538,
"Thread": 38207593,
"EventTime": "2021-09-09T09:42:10.652065-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:10.871162-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm8978478aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 8978478,
"ParentPID": 9961538,
"Thread": 38207593,
"EventTime": "2021-09-09T09:42:10.657340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:10.871870-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.9961538/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 8978484,
"ParentPID": 9961538,
"Thread": 38207599,
"EventTime": "2021-09-09T09:42:10.667340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:10.872582-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.9961538",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 8978486,
"ParentPID": 9961538,
"Thread": 38207601,
"EventTime": "2021-09-09T09:42:10.672108-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:10.873316-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 9961540,
"ParentPID": 9371674,
"Thread": 43253835,
"EventTime": "2021-09-09T09:42:10.672108-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:10.874026-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961540,
"ParentPID": 9371674,
"Thread": 43253835,
"EventTime": "2021-09-09T09:42:10.672108-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:42:10.874734-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961544,
"ParentPID": 6684890,
"Thread": 46071865,
"EventTime": "2021-09-09T09:45:00.425674-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:45:00.616185-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961544,
"ParentPID": 6684890,
"Thread": 46071865,
"EventTime": "2021-09-09T09:45:00.425674-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:45:00.617017-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 08:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961544,
"ParentPID": 6684890,
"Thread": 46071865,
"EventTime": "2021-09-09T09:45:00.425674-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:45:00.617784-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961544,
"ParentPID": 6684890,
"Thread": 46071865,
"EventTime": "2021-09-09T09:45:00.425674-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:45:00.618518-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008978508ey9qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8978508,
"ParentPID": 9371686,
"Thread": 28508229,
"EventTime": "2021-09-09T09:49:35.561341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:49:35.601553-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9371694,
"ParentPID": 9961546,
"Thread": 50004181,
"EventTime": "2021-09-09T09:49:35.581340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:49:35.602338-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0008978532fe9qaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 8978532,
"ParentPID": 9371696,
"Thread": 28508253,
"EventTime": "2021-09-09T09:49:35.681364-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:49:35.909688-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961548,
"ParentPID": 6684890,
"Thread": 36765719,
"EventTime": "2021-09-09T09:50:00.436494-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:50:00.559588-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961548,
"ParentPID": 6684890,
"Thread": 36765719,
"EventTime": "2021-09-09T09:50:00.436494-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:50:00.560370-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 08:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961548,
"ParentPID": 6684890,
"Thread": 36765719,
"EventTime": "2021-09-09T09:50:00.436494-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:50:00.561132-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961548,
"ParentPID": 6684890,
"Thread": 36765719,
"EventTime": "2021-09-09T09:50:00.436494-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:50:00.561953-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 9961550,
"ParentPID": 5439688,
"Thread": 33423401,
"EventTime": "2021-09-09T09:51:09.723538-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:51:09.969254-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961552,
"ParentPID": 6684890,
"Thread": 33423411,
"EventTime": "2021-09-09T09:55:00.443477-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:55:00.684877-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961552,
"ParentPID": 6684890,
"Thread": 33423411,
"EventTime": "2021-09-09T09:55:00.443477-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:55:00.685701-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 08:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961552,
"ParentPID": 6684890,
"Thread": 33423411,
"EventTime": "2021-09-09T09:55:00.443477-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:55:00.686462-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961552,
"ParentPID": 6684890,
"Thread": 33423411,
"EventTime": "2021-09-09T09:55:00.450340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:55:00.687195-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10485870",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9044010,
"ParentPID": 10485870,
"Thread": 37617781,
"EventTime": "2021-09-09T09:55:00.463483-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T09:55:00.687744-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961554,
"ParentPID": 6684890,
"Thread": 36765739,
"EventTime": "2021-09-09T10:00:00.470340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:00:00.601210-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961554,
"ParentPID": 6684890,
"Thread": 36765739,
"EventTime": "2021-09-09T10:00:00.470340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:00:00.602049-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 09:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961554,
"ParentPID": 6684890,
"Thread": 36765739,
"EventTime": "2021-09-09T10:00:00.470340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:00:00.602817-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961554,
"ParentPID": 6684890,
"Thread": 36765739,
"EventTime": "2021-09-09T10:00:00.470340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:00:00.603562-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044032-e97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044032,
"ParentPID": 9961566,
"Thread": 39256215,
"EventTime": "2021-09-09T10:04:35.801340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:04:35.880746-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9961574,
"ParentPID": 10485876,
"Thread": 47972577,
"EventTime": "2021-09-09T10:04:35.821340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:04:35.881610-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009044056-Q97aa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9044056,
"ParentPID": 9961576,
"Thread": 39256239,
"EventTime": "2021-09-09T10:04:35.921340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:04:36.191441-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961578,
"ParentPID": 6684890,
"Thread": 41681151,
"EventTime": "2021-09-09T10:05:00.480340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:05:00.533630-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961578,
"ParentPID": 6684890,
"Thread": 41681151,
"EventTime": "2021-09-09T10:05:00.480340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:05:00.534450-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 09:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961578,
"ParentPID": 6684890,
"Thread": 41681151,
"EventTime": "2021-09-09T10:05:00.480340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:05:00.535214-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961578,
"ParentPID": 6684890,
"Thread": 41681151,
"EventTime": "2021-09-09T10:05:00.480340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:05:00.535960-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961580,
"ParentPID": 6684890,
"Thread": 30277761,
"EventTime": "2021-09-09T10:10:00.490999-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:10:00.742180-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961580,
"ParentPID": 6684890,
"Thread": 30277761,
"EventTime": "2021-09-09T10:10:00.490999-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:10:00.742964-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 09:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961580,
"ParentPID": 6684890,
"Thread": 30277761,
"EventTime": "2021-09-09T10:10:00.490999-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:10:00.743722-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961580,
"ParentPID": 6684890,
"Thread": 30277761,
"EventTime": "2021-09-09T10:10:00.490999-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:10:00.744460-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961582,
"ParentPID": 6684890,
"Thread": 31588465,
"EventTime": "2021-09-09T10:15:00.500340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:15:00.671650-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961582,
"ParentPID": 6684890,
"Thread": 31588465,
"EventTime": "2021-09-09T10:15:00.500340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:15:00.672479-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 09:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961582,
"ParentPID": 6684890,
"Thread": 31588465,
"EventTime": "2021-09-09T10:15:00.500340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:15:00.673243-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961582,
"ParentPID": 6684890,
"Thread": 31588465,
"EventTime": "2021-09-09T10:15:00.500340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:15:00.673987-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485898VMEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485898,
"ParentPID": 9044066,
"Thread": 38207651,
"EventTime": "2021-09-09T10:19:36.046527-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:19:36.159282-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9044074,
"ParentPID": 9961584,
"Thread": 39256263,
"EventTime": "2021-09-09T10:19:36.062485-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:19:36.160050-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485922W7Eaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485922,
"ParentPID": 9044076,
"Thread": 38207675,
"EventTime": "2021-09-09T10:19:36.160340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:19:36.461146-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961586,
"ParentPID": 6684890,
"Thread": 36438137,
"EventTime": "2021-09-09T10:20:00.503905-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:20:00.516042-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961586,
"ParentPID": 6684890,
"Thread": 36438137,
"EventTime": "2021-09-09T10:20:00.503905-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:20:00.516812-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 09:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961586,
"ParentPID": 6684890,
"Thread": 36438137,
"EventTime": "2021-09-09T10:20:00.503905-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:20:00.517569-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961586,
"ParentPID": 6684890,
"Thread": 36438137,
"EventTime": "2021-09-09T10:20:00.503905-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:20:00.518301-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961588,
"ParentPID": 6684890,
"Thread": 45220089,
"EventTime": "2021-09-09T10:25:00.522469-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:25:00.753982-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961588,
"ParentPID": 6684890,
"Thread": 45220089,
"EventTime": "2021-09-09T10:25:00.522469-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:25:00.754815-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 09:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961588,
"ParentPID": 6684890,
"Thread": 45220089,
"EventTime": "2021-09-09T10:25:00.522469-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:25:00.755569-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961588,
"ParentPID": 6684890,
"Thread": 45220089,
"EventTime": "2021-09-09T10:25:00.522469-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:25:00.756311-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961590,
"ParentPID": 6684890,
"Thread": 30146717,
"EventTime": "2021-09-09T10:30:00.529820-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:30:00.610864-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961590,
"ParentPID": 6684890,
"Thread": 30146717,
"EventTime": "2021-09-09T10:30:00.529820-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:30:00.611700-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 09:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961590,
"ParentPID": 6684890,
"Thread": 30146717,
"EventTime": "2021-09-09T10:30:00.529820-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:30:00.612466-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961590,
"ParentPID": 6684890,
"Thread": 30146717,
"EventTime": "2021-09-09T10:30:00.529820-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:30:00.613216-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-09T10:33:05.159879-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:33:05.385773-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0004718674Q3saaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 4718674,
"ParentPID": 10485932,
"Thread": 39256293,
"EventTime": "2021-09-09T10:34:36.290341-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:34:36.465424-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485940,
"ParentPID": 9961594,
"Thread": 31916213,
"EventTime": "2021-09-09T10:34:36.304478-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:34:36.466235-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0004718698Rmsaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 4718698,
"ParentPID": 10485942,
"Thread": 39256317,
"EventTime": "2021-09-09T10:34:36.404391-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:34:36.466972-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961596,
"ParentPID": 6684890,
"Thread": 49807449,
"EventTime": "2021-09-09T10:35:00.540424-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:35:00.817803-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961596,
"ParentPID": 6684890,
"Thread": 49807449,
"EventTime": "2021-09-09T10:35:00.540424-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:35:00.818632-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 09:35:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961596,
"ParentPID": 6684890,
"Thread": 49807449,
"EventTime": "2021-09-09T10:35:00.540424-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:35:00.819458-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961596,
"ParentPID": 6684890,
"Thread": 49807449,
"EventTime": "2021-09-09T10:35:00.540424-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:35:00.820207-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961598,
"ParentPID": 6684890,
"Thread": 44105777,
"EventTime": "2021-09-09T10:40:00.550500-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:40:00.665006-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 9961598,
"ParentPID": 6684890,
"Thread": 44105777,
"EventTime": "2021-09-09T10:40:00.550500-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:40:00.665829-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 09:40:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 9961598,
"ParentPID": 6684890,
"Thread": 44105777,
"EventTime": "2021-09-09T10:40:00.550500-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:40:00.666581-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 9961598,
"ParentPID": 6684890,
"Thread": 44105777,
"EventTime": "2021-09-09T10:40:00.550500-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:40:00.667310-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485946,
"ParentPID": 6684890,
"Thread": 49086507,
"EventTime": "2021-09-09T10:45:00.559465-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:45:00.568877-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485946,
"ParentPID": 6684890,
"Thread": 49086507,
"EventTime": "2021-09-09T10:45:00.559465-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:45:00.569707-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 09:45:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485946,
"ParentPID": 6684890,
"Thread": 49086507,
"EventTime": "2021-09-09T10:45:00.559465-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:45:00.570527-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485946,
"ParentPID": 6684890,
"Thread": 49086507,
"EventTime": "2021-09-09T10:45:00.564740-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:45:00.571266-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0004718720Lisaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 4718720,
"ParentPID": 9961610,
"Thread": 23855221,
"EventTime": "2021-09-09T10:49:36.530348-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:49:36.737519-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 9961618,
"ParentPID": 10485948,
"Thread": 41680931,
"EventTime": "2021-09-09T10:49:36.546360-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:49:36.738337-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.10223750",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9961620,
"ParentPID": 10223750,
"Thread": 41680933,
"EventTime": "2021-09-09T10:49:36.570344-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:49:36.738889-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011468886LUHMaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11468886,
"ParentPID": 5636270,
"Thread": 44892267,
"EventTime": "2021-09-09T10:49:36.640340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:49:36.739618-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636272,
"ParentPID": 6684890,
"Thread": 35389585,
"EventTime": "2021-09-09T10:50:00.575519-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:50:00.803906-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636272,
"ParentPID": 6684890,
"Thread": 35389585,
"EventTime": "2021-09-09T10:50:00.575519-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:50:00.804731-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 09:50:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636272,
"ParentPID": 6684890,
"Thread": 35389585,
"EventTime": "2021-09-09T10:50:00.575519-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:50:00.805494-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636272,
"ParentPID": 6684890,
"Thread": 35389585,
"EventTime": "2021-09-09T10:50:00.575519-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:50:00.806224-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636274,
"ParentPID": 6684890,
"Thread": 28573837,
"EventTime": "2021-09-09T10:55:00.586266-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:55:00.731752-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636274,
"ParentPID": 6684890,
"Thread": 28573837,
"EventTime": "2021-09-09T10:55:00.586266-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:55:00.732526-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 09:55:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636274,
"ParentPID": 6684890,
"Thread": 28573837,
"EventTime": "2021-09-09T10:55:00.586266-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:55:00.733284-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636274,
"ParentPID": 6684890,
"Thread": 28573837,
"EventTime": "2021-09-09T10:55:00.586266-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T10:55:00.734012-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636276,
"ParentPID": 6684890,
"Thread": 27656409,
"EventTime": "2021-09-09T11:00:00.590297-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:00:00.651280-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 5636276,
"ParentPID": 6684890,
"Thread": 27656409,
"EventTime": "2021-09-09T11:00:00.590297-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:00:00.652104-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 10:00:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 5636276,
"ParentPID": 6684890,
"Thread": 27656409,
"EventTime": "2021-09-09T11:00:00.590297-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:00:00.652861-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 5636276,
"ParentPID": 6684890,
"Thread": 27656409,
"EventTime": "2021-09-09T11:00:00.598340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:00:00.653593-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0011010222FQGaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 11010222,
"ParentPID": 5636288,
"Thread": 41680977,
"EventTime": "2021-09-09T11:04:36.759797-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:04:36.836803-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 5636296,
"ParentPID": 11468892,
"Thread": 14483623,
"EventTime": "2021-09-09T11:04:36.783877-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:04:36.837564-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0010485974GAEaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 10485974,
"ParentPID": 4718738,
"Thread": 42729675,
"EventTime": "2021-09-09T11:04:36.879834-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:04:37.140169-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718740,
"ParentPID": 6684890,
"Thread": 27656421,
"EventTime": "2021-09-09T11:05:00.603451-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:05:00.895062-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718740,
"ParentPID": 6684890,
"Thread": 27656421,
"EventTime": "2021-09-09T11:05:00.603451-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:05:00.895886-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 10:05:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 4718740,
"ParentPID": 6684890,
"Thread": 27656421,
"EventTime": "2021-09-09T11:05:00.603451-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:05:00.896639-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 4718740,
"ParentPID": 6684890,
"Thread": 27656421,
"EventTime": "2021-09-09T11:05:00.603451-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:05:00.897372-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718742,
"ParentPID": 5439688,
"Thread": 50659415,
"EventTime": "2021-09-09T11:07:21.659949-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:07:21.851412-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718744,
"ParentPID": 5439688,
"Thread": 50659417,
"EventTime": "2021-09-09T11:07:22.693340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:07:22.763919-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718746,
"ParentPID": 5439688,
"Thread": 50659419,
"EventTime": "2021-09-09T11:07:22.963590-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:07:23.067161-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718748,
"ParentPID": 5439688,
"Thread": 50659421,
"EventTime": "2021-09-09T11:07:23.086957-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:07:23.368738-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718750,
"ParentPID": 5439688,
"Thread": 50659423,
"EventTime": "2021-09-09T11:07:23.354543-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:07:23.369488-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718752,
"ParentPID": 5439688,
"Thread": 50659425,
"EventTime": "2021-09-09T11:07:23.625208-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:07:23.671138-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718754,
"ParentPID": 5439688,
"Thread": 50659427,
"EventTime": "2021-09-09T11:07:23.895896-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:07:23.972535-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718756,
"ParentPID": 5439688,
"Thread": 50659429,
"EventTime": "2021-09-09T11:07:24.167074-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:07:24.274143-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718758,
"ParentPID": 5439688,
"Thread": 50659431,
"EventTime": "2021-09-09T11:07:24.427463-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:07:24.578526-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 4718760,
"ParentPID": 5439688,
"Thread": 50659433,
"EventTime": "2021-09-09T11:07:24.688021-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:07:24.884144-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718762,
"ParentPID": 6684890,
"Thread": 32571555,
"EventTime": "2021-09-09T11:10:00.615605-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:10:00.893890-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718762,
"ParentPID": 6684890,
"Thread": 32571555,
"EventTime": "2021-09-09T11:10:00.615605-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:10:00.894701-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 10:10:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 4718762,
"ParentPID": 6684890,
"Thread": 32571555,
"EventTime": "2021-09-09T11:10:00.617394-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:10:00.895447-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 4718762,
"ParentPID": 6684890,
"Thread": 32571555,
"EventTime": "2021-09-09T11:10:00.617394-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:10:00.896173-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718764,
"ParentPID": 6684890,
"Thread": 50659451,
"EventTime": "2021-09-09T11:15:00.625749-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:15:00.792638-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 4718764,
"ParentPID": 6684890,
"Thread": 50659451,
"EventTime": "2021-09-09T11:15:00.625749-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:15:00.793457-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 10:15:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 4718764,
"ParentPID": 6684890,
"Thread": 50659451,
"EventTime": "2021-09-09T11:15:00.625749-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:15:00.794209-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 4718764,
"ParentPID": 6684890,
"Thread": 50659451,
"EventTime": "2021-09-09T11:15:00.628340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:15:00.794928-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371782A70Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371782,
"ParentPID": 10485984,
"Thread": 42729703,
"EventTime": "2021-09-09T11:19:36.999827-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:19:37.189218-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /dev",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "ps",
"PID": 10485992,
"ParentPID": 4718766,
"Thread": 33423459,
"EventTime": "2021-09-09T11:19:37.021463-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:19:37.190035-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /dev/.SRC-unix/SRC0009371806Bq0Maa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "lssrc",
"PID": 9371806,
"ParentPID": 10485994,
"Thread": 42729727,
"EventTime": "2021-09-09T11:19:37.120647-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:19:37.190770-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485996,
"ParentPID": 6684890,
"Thread": 32571575,
"EventTime": "2021-09-09T11:20:00.635083-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:20:00.914854-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485996,
"ParentPID": 6684890,
"Thread": 32571575,
"EventTime": "2021-09-09T11:20:00.635083-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:20:00.915623-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 10:20:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485996,
"ParentPID": 6684890,
"Thread": 32571575,
"EventTime": "2021-09-09T11:20:00.635083-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:20:00.916371-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485996,
"ParentPID": 6684890,
"Thread": 32571575,
"EventTime": "2021-09-09T11:20:00.635083-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:20:00.917101-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485998,
"ParentPID": 6684890,
"Thread": 48627885,
"EventTime": "2021-09-09T11:25:00.646397-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:25:00.817467-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10485998,
"ParentPID": 6684890,
"Thread": 48627885,
"EventTime": "2021-09-09T11:25:00.646397-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:25:00.818232-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 10:25:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10485998,
"ParentPID": 6684890,
"Thread": 48627885,
"EventTime": "2021-09-09T11:25:00.646397-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:25:00.819030-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10485998,
"ParentPID": 6684890,
"Thread": 48627885,
"EventTime": "2021-09-09T11:25:00.648340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:25:00.819813-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486000,
"ParentPID": 6684890,
"Thread": 40370423,
"EventTime": "2021-09-09T11:30:00.655571-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:30:00.695954-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "audit object read event detected /etc/security/passwd",
"Status": 0,
"EventType": "S_PASSWD_READ",
"Command": "cron",
"PID": 10486000,
"ParentPID": 6684890,
"Thread": 40370423,
"EventTime": "2021-09-09T11:30:00.655571-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:30:00.696727-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "event = start cron job cmd = /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null time = Thu Aug 19 10:30:00 2021\n",
"Status": 0,
"EventType": "CRON_Start",
"Command": "cron",
"PID": 10486000,
"ParentPID": 6684890,
"Thread": 40370423,
"EventTime": "2021-09-09T11:30:00.655571-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:30:00.697486-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "cron",
"PID": 10486000,
"ParentPID": 6684890,
"Thread": 40370423,
"EventTime": "2021-09-09T11:30:00.655571-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:30:00.698231-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10486004,
"ParentPID": 5439688,
"Thread": 46989525,
"EventTime": "2021-09-09T11:33:01.181340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:01.300112-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10223770.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10223770,
"ParentPID": 10486004,
"Thread": 42401881,
"EventTime": "2021-09-09T11:33:01.311340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:01.602196-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10223770",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9961662,
"ParentPID": 10223770,
"Thread": 38862981,
"EventTime": "2021-09-09T11:33:01.351363-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:01.603051-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9961662,
"ParentPID": 10223770,
"Thread": 38862981,
"EventTime": "2021-09-09T11:33:01.351363-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:01.603787-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371810aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371810,
"ParentPID": 10223770,
"Thread": 33423477,
"EventTime": "2021-09-09T11:33:01.379327-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:01.604511-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /audit/tempfile.04718774",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "compress",
"PID": 9961666,
"ParentPID": 4718774,
"Thread": 38862985,
"EventTime": "2021-09-09T11:33:01.379327-04:00",
"Login": "root",
"Real": "builder",
"LoginUID": 0,
"RealUID": 206,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:01.605055-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371810aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371810,
"ParentPID": 10223770,
"Thread": 33423477,
"EventTime": "2021-09-09T11:33:01.379327-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:01.605769-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371810aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371810,
"ParentPID": 10223770,
"Thread": 33423477,
"EventTime": "2021-09-09T11:33:01.384381-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:01.606484-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10223770/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9371812,
"ParentPID": 10223770,
"Thread": 33423479,
"EventTime": "2021-09-09T11:33:01.393190-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:01.607217-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10223770",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9371814,
"ParentPID": 10223770,
"Thread": 33423481,
"EventTime": "2021-09-09T11:33:01.393190-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:01.607932-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10223772,
"ParentPID": 10486004,
"Thread": 42401883,
"EventTime": "2021-09-09T11:33:01.399333-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:01.608645-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223772,
"ParentPID": 10486004,
"Thread": 42401883,
"EventTime": "2021-09-09T11:33:01.399333-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:01.609349-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10486006,
"ParentPID": 5439688,
"Thread": 46989527,
"EventTime": "2021-09-09T11:33:02.053464-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:02.214280-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10223774.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10223774,
"ParentPID": 10486006,
"Thread": 42401885,
"EventTime": "2021-09-09T11:33:02.184929-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:02.215042-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10223774",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9371830,
"ParentPID": 10223774,
"Thread": 33423497,
"EventTime": "2021-09-09T11:33:02.222502-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:02.522247-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9371830,
"ParentPID": 10223774,
"Thread": 33423497,
"EventTime": "2021-09-09T11:33:02.231342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:02.523064-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371834aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371834,
"ParentPID": 10223774,
"Thread": 33423501,
"EventTime": "2021-09-09T11:33:02.240128-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:02.523803-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371834aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371834,
"ParentPID": 10223774,
"Thread": 33423501,
"EventTime": "2021-09-09T11:33:02.241340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:02.524554-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371834aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371834,
"ParentPID": 10223774,
"Thread": 33423501,
"EventTime": "2021-09-09T11:33:02.241552-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:02.525285-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10223774/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9371836,
"ParentPID": 10223774,
"Thread": 33423503,
"EventTime": "2021-09-09T11:33:02.251554-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:02.526003-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10223774",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9371838,
"ParentPID": 10223774,
"Thread": 33423505,
"EventTime": "2021-09-09T11:33:02.251554-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:02.526723-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10223776,
"ParentPID": 10486006,
"Thread": 42401887,
"EventTime": "2021-09-09T11:33:02.251554-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:02.527467-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223776,
"ParentPID": 10486006,
"Thread": 42401887,
"EventTime": "2021-09-09T11:33:02.251554-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:02.528187-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10486008,
"ParentPID": 5439688,
"Thread": 46989529,
"EventTime": "2021-09-09T11:33:03.384469-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:03.435523-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10223778.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10223778,
"ParentPID": 10486008,
"Thread": 42401889,
"EventTime": "2021-09-09T11:33:03.514823-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:03.742197-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10223778",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9371854,
"ParentPID": 10223778,
"Thread": 33423521,
"EventTime": "2021-09-09T11:33:03.544834-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:03.743011-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9371854,
"ParentPID": 10223778,
"Thread": 33423521,
"EventTime": "2021-09-09T11:33:03.554837-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:03.743749-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371858aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371858,
"ParentPID": 10223778,
"Thread": 33423525,
"EventTime": "2021-09-09T11:33:03.564840-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:03.744483-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371858aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371858,
"ParentPID": 10223778,
"Thread": 33423525,
"EventTime": "2021-09-09T11:33:03.564840-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:03.745210-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371858aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371858,
"ParentPID": 10223778,
"Thread": 33423525,
"EventTime": "2021-09-09T11:33:03.564840-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:03.745932-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10223778/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9371860,
"ParentPID": 10223778,
"Thread": 33423527,
"EventTime": "2021-09-09T11:33:03.574843-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:03.746642-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10223778",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9371862,
"ParentPID": 10223778,
"Thread": 33423529,
"EventTime": "2021-09-09T11:33:03.581340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:03.747369-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10223780,
"ParentPID": 10486008,
"Thread": 42401891,
"EventTime": "2021-09-09T11:33:03.584846-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:03.748082-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223780,
"ParentPID": 10486008,
"Thread": 42401891,
"EventTime": "2021-09-09T11:33:03.584846-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:03.748789-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "frompath: /etc/ntp.drift.TEMP topath: /etc/ntp.drift",
"Status": 0,
"EventType": "FILE_Rename",
"Command": "xntpd",
"PID": 5374138,
"ParentPID": 3997920,
"Thread": 22872285,
"EventTime": "2021-09-09T11:33:05.041339-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:05.250838-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10486010,
"ParentPID": 5439688,
"Thread": 46989531,
"EventTime": "2021-09-09T11:33:07.201427-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:07.365731-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/sh10223782.1",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "ksh",
"PID": 10223782,
"ParentPID": 10486010,
"Thread": 42401893,
"EventTime": "2021-09-09T11:33:07.211340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:07.366495-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "mode: 700 dir: /tmp/oslevel.0.10223782",
"Status": 0,
"EventType": "FS_Mkdir",
"Command": "rm_mlcache_file",
"PID": 9371878,
"ParentPID": 10223782,
"Thread": 33423545,
"EventTime": "2021-09-09T11:33:07.244552-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:07.367238-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/.oslevel.datafiles/.oslevel.lock",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm_mlcache_file",
"PID": 9371878,
"ParentPID": 10223782,
"Thread": 33423545,
"EventTime": "2021-09-09T11:33:07.251467-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:07.367963-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371882aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371882,
"ParentPID": 10223782,
"Thread": 33423549,
"EventTime": "2021-09-09T11:33:07.261340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:07.368694-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371882aaaaa",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371882,
"ParentPID": 10223782,
"Thread": 33423549,
"EventTime": "2021-09-09T11:33:07.261340-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:07.369411-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /var/tmp/stm9371882aaaab",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "sort",
"PID": 9371882,
"ParentPID": 10223782,
"Thread": 33423549,
"EventTime": "2021-09-09T11:33:07.264561-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:07.370125-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "filename /tmp/oslevel.0.10223782/.oslevel.mlinfo",
"Status": 0,
"EventType": "FILE_Unlink",
"Command": "rm",
"PID": 9371884,
"ParentPID": 10223782,
"Thread": 33423551,
"EventTime": "2021-09-09T11:33:07.274707-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:07.370856-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "remove of directory: /tmp/oslevel.0.10223782",
"Status": 0,
"EventType": "FS_Rmdir",
"Command": "rm",
"PID": 9371886,
"ParentPID": 10223782,
"Thread": 33423553,
"EventTime": "2021-09-09T11:33:07.274707-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:07.371602-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change root directory to: /var/empty",
"Status": 0,
"EventType": "FS_Chroot",
"Command": "sshd",
"PID": 10223784,
"ParentPID": 10486010,
"Thread": 42401895,
"EventTime": "2021-09-09T11:33:07.281342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:07.372331-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
},
{
"Verbose": "change current directory to: /",
"Status": 0,
"EventType": "FS_Chdir",
"Command": "sshd",
"PID": 10223784,
"ParentPID": 10486010,
"Thread": 42401895,
"EventTime": "2021-09-09T11:33:07.281342-04:00",
"Login": "root",
"Real": "root",
"LoginUID": 0,
"RealUID": 0,
"WPARkey": 0,
"WPARname": "Global",
"EventReceivedTime": "2021-09-09T11:33:07.373162-04:00",
"SourceModuleName": "aixaudit",
"SourceModuleType": "im_aixaudit",
"Hostname": "p1220-pvm1.p1220.cecc.ihost.com",
"MessageSourceAddress": "10.10.0.3"
}
]
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку