2020-06-10T12:50:20.119-0600 I NETWORK [listener] connection accepted from 172.27.8.10:52194 #305535 (23 connections now open) 2020-06-10T12:50:20.120-0600 I NETWORK [listener] connection accepted from 172.27.8.10:52196 #305536 (24 connections now open) 2020-06-10T12:50:20.120-0600 I NETWORK [conn305535] received client metadata from 172.27.8.10:52194 conn305535: { driver: { name: "NetworkInterfaceTL", version: "4.2.6" }, os: { type: "Linux", name: "CentOS Linux release 7.6.1810 (Core) ", architecture: "x86_64", version: "Kernel 3.10.0-957.21.3.el7.x86_64" } } 2020-06-10T12:50:20.120-0600 I NETWORK [conn305536] received client metadata from 172.27.8.10:52196 conn305536: { driver: { name: "NetworkInterfaceTL", version: "4.2.6" }, os: { type: "Linux", name: "CentOS Linux release 7.6.1810 (Core) ", architecture: "x86_64", version: "Kernel 3.10.0-957.21.3.el7.x86_64" } } 2020-06-10T12:50:20.163-0600 I ACCESS [conn305535] Successfully authenticated as principal __system on local from client 172.27.8.10:52194 2020-06-10T12:50:20.163-0600 I ACCESS [conn305536] Successfully authenticated as principal __system on local from client 172.27.8.10:52196 2020-06-10T12:50:29.245-0600 I NETWORK [listener] connection accepted from 172.28.16.20:48679 #305537 (25 connections now open) 2020-06-10T12:50:29.246-0600 I NETWORK [conn305537] received client metadata from 172.28.16.20:48679 conn305537: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:50:29.252-0600 I ACCESS [conn305537] Successfully authenticated as principal monitor on admin from client 172.28.16.20:48679 2020-06-10T12:50:29.410-0600 I NETWORK [conn305537] end connection 172.28.16.20:48679 (24 connections now open) 2020-06-10T12:50:30.968-0600 I NETWORK [listener] connection accepted from 172.27.16.34:56091 #305538 (25 connections now open) 2020-06-10T12:50:30.969-0600 I 
NETWORK [conn305538] received client metadata from 172.27.16.34:56091 conn305538: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.18.2.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:50:30.983-0600 I ACCESS [conn305538] Successfully authenticated as principal monitor on admin from client 172.27.16.34:56091 2020-06-10T12:50:31.358-0600 I NETWORK [conn305538] end connection 172.27.16.34:56091 (24 connections now open) 2020-06-10T12:50:31.877-0600 I NETWORK [listener] connection accepted from 172.27.16.34:56104 #305539 (25 connections now open) 2020-06-10T12:50:31.878-0600 I NETWORK [conn305539] received client metadata from 172.27.16.34:56104 conn305539: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.18.2.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:50:31.887-0600 I ACCESS [conn305539] Successfully authenticated as principal monitor on admin from client 172.27.16.34:56104 2020-06-10T12:50:32.365-0600 I NETWORK [conn305539] end connection 172.27.16.34:56104 (24 connections now open) 2020-06-10T12:50:33.239-0600 I NETWORK [listener] connection accepted from 172.28.16.20:48713 #305540 (25 connections now open) 2020-06-10T12:50:33.239-0600 I NETWORK [conn305540] received client metadata from 172.28.16.20:48713 conn305540: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:50:33.244-0600 I ACCESS [conn305540] Successfully authenticated as principal monitor on admin from client 172.28.16.20:48713 2020-06-10T12:50:33.310-0600 I NETWORK [conn305540] end connection 172.28.16.20:48713 (24 connections now open) 2020-06-10T12:50:33.868-0600 I NETWORK [listener] connection accepted from 172.27.16.34:56108 #305541 (25 
connections now open) 2020-06-10T12:50:33.868-0600 I NETWORK [conn305541] received client metadata from 172.27.16.34:56108 conn305541: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.18.2.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:50:33.872-0600 I ACCESS [conn305541] Successfully authenticated as principal monitor on admin from client 172.27.16.34:56108 2020-06-10T12:50:34.072-0600 I NETWORK [conn305541] end connection 172.27.16.34:56108 (24 connections now open) 2020-06-10T12:50:34.238-0600 I NETWORK [listener] connection accepted from 172.28.16.20:48730 #305542 (25 connections now open) 2020-06-10T12:50:34.239-0600 I NETWORK [conn305542] received client metadata from 172.28.16.20:48730 conn305542: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:50:34.245-0600 I ACCESS [conn305542] Successfully authenticated as principal monitor on admin from client 172.28.16.20:48730 2020-06-10T12:50:34.303-0600 I NETWORK [conn305542] end connection 172.28.16.20:48730 (24 connections now open) 2020-06-10T12:50:36.255-0600 I NETWORK [listener] connection accepted from 172.28.16.20:48747 #305543 (25 connections now open) 2020-06-10T12:50:36.255-0600 I NETWORK [conn305543] received client metadata from 172.28.16.20:48747 conn305543: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:50:36.260-0600 I ACCESS [conn305543] Successfully authenticated as principal monitor on admin from client 172.28.16.20:48747 2020-06-10T12:50:36.648-0600 I NETWORK [conn305543] end connection 172.28.16.20:48747 (24 connections now open) 2020-06-10T12:50:38.237-0600 I NETWORK [listener] 
connection accepted from 172.28.16.20:48755 #305544 (25 connections now open) 2020-06-10T12:50:38.237-0600 I NETWORK [conn305544] received client metadata from 172.28.16.20:48755 conn305544: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:50:38.239-0600 I ACCESS [conn305544] Successfully authenticated as principal monitor on admin from client 172.28.16.20:48755 2020-06-10T12:50:38.252-0600 I NETWORK [conn305544] end connection 172.28.16.20:48755 (24 connections now open) 2020-06-10T12:50:38.867-0600 I NETWORK [listener] connection accepted from 172.27.16.34:56117 #305545 (25 connections now open) 2020-06-10T12:50:38.867-0600 I NETWORK [conn305545] received client metadata from 172.27.16.34:56117 conn305545: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.18.2.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:50:38.870-0600 I ACCESS [conn305545] Successfully authenticated as principal monitor on admin from client 172.27.16.34:56117 2020-06-10T12:50:38.886-0600 I NETWORK [conn305545] end connection 172.27.16.34:56117 (24 connections now open) 2020-06-10T12:50:39.241-0600 I NETWORK [listener] connection accepted from 172.28.16.20:48759 #305546 (25 connections now open) 2020-06-10T12:50:39.242-0600 I NETWORK [conn305546] received client metadata from 172.28.16.20:48759 conn305546: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:50:39.246-0600 I ACCESS [conn305546] Successfully authenticated as principal monitor on admin from client 172.28.16.20:48759 2020-06-10T12:50:39.591-0600 I NETWORK [conn305546] end connection 172.28.16.20:48759 (24 connections now open) 
2020-06-10T12:50:41.243-0600 I NETWORK [listener] connection accepted from 172.28.16.20:48770 #305547 (25 connections now open) 2020-06-10T12:50:41.243-0600 I NETWORK [conn305547] received client metadata from 172.28.16.20:48770 conn305547: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:50:41.247-0600 I ACCESS [conn305547] Successfully authenticated as principal monitor on admin from client 172.28.16.20:48770 2020-06-10T12:50:41.274-0600 I NETWORK [conn305547] end connection 172.28.16.20:48770 (24 connections now open) 2020-06-10T12:50:42.608-0600 I NETWORK [listener] connection accepted from 172.27.8.11:53008 #305548 (25 connections now open) 2020-06-10T12:50:42.609-0600 I NETWORK [conn305548] received client metadata from 172.27.8.11:53008 conn305548: { driver: { name: "NetworkInterfaceTL", version: "4.2.6" }, os: { type: "Linux", name: "CentOS Linux release 7.6.1810 (Core) ", architecture: "x86_64", version: "Kernel 3.10.0-957.21.3.el7.x86_64" } } 2020-06-10T12:50:42.630-0600 I ACCESS [conn305548] Successfully authenticated as principal __system on local from client 172.27.8.11:53008 2020-06-10T12:50:45.877-0600 I NETWORK [listener] connection accepted from 172.27.16.34:56122 #305549 (26 connections now open) 2020-06-10T12:50:45.877-0600 I NETWORK [listener] connection accepted from 172.27.16.34:56123 #305550 (27 connections now open) 2020-06-10T12:50:45.878-0600 I NETWORK [conn305549] received client metadata from 172.27.16.34:56122 conn305549: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.18.2.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:50:45.878-0600 I NETWORK [conn305550] received client metadata from 172.27.16.34:56123 conn305550: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: 
"Linux", name: "linux", architecture: "x64", version: "3.10.0-327.18.2.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:50:45.882-0600 I ACCESS [conn305549] Successfully authenticated as principal monitor on admin from client 172.27.16.34:56122 2020-06-10T12:50:45.882-0600 I ACCESS [conn305550] Successfully authenticated as principal monitor on admin from client 172.27.16.34:56123 2020-06-10T12:50:45.901-0600 I NETWORK [conn305550] end connection 172.27.16.34:56123 (26 connections now open) 2020-06-10T12:50:45.947-0600 I NETWORK [conn305549] end connection 172.27.16.34:56122 (25 connections now open) 2020-06-10T12:51:14.347-0600 I NETWORK [conn305115] end connection 172.27.16.22:48746 (24 connections now open) 2020-06-10T12:51:14.348-0600 I NETWORK [listener] connection accepted from 172.27.16.22:50154 #305551 (25 connections now open) 2020-06-10T12:51:14.348-0600 I NETWORK [conn305551] received client metadata from 172.27.16.22:50154 conn305551: { driver: { name: "mongo-go-driver", version: "v1.1.4" }, os: { type: "linux", architecture: "amd64" }, platform: "go1.13.10" } 2020-06-10T12:51:15.482-0600 I SHARDING [ChunkSplitter-375] request split points lookup for chunk metric.elasticstatmetrichours { : 7094529239043992762 } -->> { : MaxKey } 2020-06-10T12:51:15.483-0600 W SHARDING [ChunkSplitter-375] possible low cardinality key detected in metric.elasticstatmetrichours - range { : 7094529239043992762 } -->> { : MaxKey } contains only the key { item: 7094529239043992762 } 2020-06-10T12:51:15.665-0600 I COMMAND [conn305506] command netflow.flows command: aggregate { aggregate: "flows", pipeline: [ { $match: { company: ObjectId('55a013e73683dfcd3c383001'), timeMs: { $gte: 1591814700000.0, $lt: 1591815000000.0 }, source: ObjectId('55a6a9c9b8c18ce214e582d2'), packet.firewallEvent: { $in: [ 5, null ] } } }, { $group: { _id: { ipv4SrcAddr: "$packet.ipv4_src_addr", source: "$source" }, timeMs: { $first: "$timeMs" }, count: { $sum: 1 }, 
packet_responderOctets: { $sum: "$packet.responderOctets" }, packet_initiatorOctets: { $sum: "$packet.initiatorOctets" }, packet_in_bytes: { $sum: "$packet.in_bytes" }, packet_in_pkts: { $sum: "$packet.in_pkts" }, packet_responderPackets: { $sum: "$packet.responderPackets" }, packet_initiatorPackets: { $sum: "$packet.initiatorPackets" }, packet_ipv4_src_addr_host: { $first: "$packet.ipv4_src_addr_host" }, packet_ipv4_src_addr: { $first: "$packet.ipv4_src_addr" }, packet_ipv4_src_addr_device_name: { $first: "$packet.ipv4_src_addr_device.name" }, packet_ipv4_src_addr_device_id: { $first: "$packet.ipv4_src_addr_device.id" } } }, { $project: { timeMs: 1, count: 1, stats.responderOctets: "$packet_responderOctets", stats.initiatorOctets: "$packet_initiatorOctets", stats.in_bytes: "$packet_in_bytes", stats.in_pkts: "$packet_in_pkts", stats.responderPackets: "$packet_responderPackets", stats.initiatorPackets: "$packet_initiatorPackets", stats.totalBytes: { $add: [ "$packet_responderOctets", "$packet_initiatorOctets", "$packet_in_bytes" ] }, stats.totalPackets: { $add: [ "$packet_responderPackets", "$packet_initiatorPackets", "$packet_in_pkts" ] }, attributes.ipv4SrcAddrHost: { $cond: { if: "$packet_ipv4_src_addr_host", then: "$packet_ipv4_src_addr_host", else: "$packet_ipv4_src_addr" } }, attributes.ipv4SrcAddrDeviceName: "$packet_ipv4_src_addr_device_name", attributes.ipv4SrcAddrDevice: "$packet_ipv4_src_addr_device_id" } }, { $sort: { stats.totalBytes: -1 } }, { $limit: 200 } ], allowDiskUse: true, fromMongos: true, cursor: { batchSize: 100 }, useNewUpsert: true, shardVersion: [ Timestamp(0, 0), ObjectId('000000000000000000000000') ], $clusterTime: { clusterTime: Timestamp(1591815066, 1), signature: { hash: BinData(0, 94FFF1290F8BEDB6F9FB8F9F5606AEB554DB60EF), keyId: 6829344041860071455 } }, $audit: { $impersonatedUsers: [ { user: "node", db: "metric" } ], $impersonatedRoles: [ { role: "readWrite", db: "metric" }, { role: "readWrite", db: "report" }, { role: "readWrite", 
db: "gavtest" }, { role: "readWrite", db: "config" }, { role: "readWrite", db: "snapshot" }, { role: "readWrite", db: "netflow" } ] }, $client: { driver: { name: "nodejs", version: "3.2.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-957.5.1.el7.x86_64" }, platform: "Node.js v10.13.0, LE, mongodb-core: 3.2.7", mongos: { host: "slc-stage-mongos11:27017", client: "172.27.16.28:39694", version: "4.2.6" } }, $configServerState: { opTime: { ts: Timestamp(1591815066, 1), t: 13 } }, $db: "netflow" } planSummary: IXSCAN { company: 1, source: 1, timeMs: 1 } cursorid:8081965400957941426 keysExamined:117915 docsExamined:117915 hasSortStage:1 numYields:932 nreturned:100 queryHash:0BAB9910 planCacheKey:F6364D2C reslen:36092 locks:{ ReplicationStateTransition: { acquireCount: { w: 956 } }, Global: { acquireCount: { r: 956 } }, Database: { acquireCount: { r: 956 } }, Collection: { acquireCount: { r: 956 } }, Mutex: { acquireCount: { r: 25 } } } storage:{} protocol:op_msg 1217ms 2020-06-10T12:51:17.121-0600 I COMMAND [conn305535] command netflow.flows command: aggregate { aggregate: "flows", pipeline: [ { $match: { company: ObjectId('55a013e73683dfcd3c383001'), timeMs: { $gte: 1591814700000.0, $lt: 1591815000000.0 }, source: ObjectId('55a6a9c9b8c18ce214e582d2'), packet.firewallEvent: { $in: [ 5, null ] } } }, { $group: { _id: { ipv4DstAddr: "$packet.ipv4_dst_addr", source: "$source" }, timeMs: { $first: "$timeMs" }, count: { $sum: 1 }, packet_responderOctets: { $sum: "$packet.responderOctets" }, packet_initiatorOctets: { $sum: "$packet.initiatorOctets" }, packet_in_bytes: { $sum: "$packet.in_bytes" }, packet_in_pkts: { $sum: "$packet.in_pkts" }, packet_responderPackets: { $sum: "$packet.responderPackets" }, packet_initiatorPackets: { $sum: "$packet.initiatorPackets" }, packet_ipv4_dst_addr_host: { $first: "$packet.ipv4_dst_addr_host" }, packet_ipv4_dst_addr: { $first: "$packet.ipv4_dst_addr" }, packet_ipv4_dst_addr_device_name: { $first: 
"$packet.ipv4_dst_addr_device.name" }, packet_ipv4_dst_addr_device_id: { $first: "$packet.ipv4_dst_addr_device.id" } } }, { $project: { timeMs: 1, count: 1, stats.responderOctets: "$packet_responderOctets", stats.initiatorOctets: "$packet_initiatorOctets", stats.in_bytes: "$packet_in_bytes", stats.in_pkts: "$packet_in_pkts", stats.responderPackets: "$packet_responderPackets", stats.initiatorPackets: "$packet_initiatorPackets", stats.totalBytes: { $add: [ "$packet_responderOctets", "$packet_initiatorOctets", "$packet_in_bytes" ] }, stats.totalPackets: { $add: [ "$packet_responderPackets", "$packet_initiatorPackets", "$packet_in_pkts" ] }, attributes.ipv4DstAddrHost: { $cond: { if: "$packet_ipv4_dst_addr_host", then: "$packet_ipv4_dst_addr_host", else: "$packet_ipv4_dst_addr" } }, attributes.ipv4DstAddrDeviceName: "$packet_ipv4_dst_addr_device_name", attributes.ipv4DstAddrDevice: "$packet_ipv4_dst_addr_device_id" } }, { $sort: { stats.totalBytes: -1 } }, { $limit: 200 } ], allowDiskUse: true, fromMongos: true, cursor: { batchSize: 100 }, useNewUpsert: true, shardVersion: [ Timestamp(0, 0), ObjectId('000000000000000000000000') ], $clusterTime: { clusterTime: Timestamp(1591815066, 1), signature: { hash: BinData(0, 94FFF1290F8BEDB6F9FB8F9F5606AEB554DB60EF), keyId: 6829344041860071455 } }, $audit: { $impersonatedUsers: [ { user: "node", db: "metric" } ], $impersonatedRoles: [ { role: "readWrite", db: "metric" }, { role: "readWrite", db: "report" }, { role: "readWrite", db: "gavtest" }, { role: "readWrite", db: "config" }, { role: "readWrite", db: "snapshot" }, { role: "readWrite", db: "netflow" } ] }, $client: { driver: { name: "nodejs", version: "3.2.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-957.5.1.el7.x86_64" }, platform: "Node.js v10.13.0, LE, mongodb-core: 3.2.7", mongos: { host: "slc-stage-mongos11:27017", client: "172.27.16.28:39702", version: "4.2.6" } }, $configServerState: { opTime: { ts: Timestamp(1591815066, 1), t: 13 } 
}, $db: "netflow" } planSummary: IXSCAN { company: 1, source: 1, timeMs: 1 } cursorid:5515044033049025228 keysExamined:117915 docsExamined:117915 hasSortStage:1 numYields:933 nreturned:100 queryHash:0BAB9910 planCacheKey:F6364D2C reslen:36243 locks:{ ReplicationStateTransition: { acquireCount: { w: 956 } }, Global: { acquireCount: { r: 956 } }, Database: { acquireCount: { r: 956 } }, Collection: { acquireCount: { r: 956 } }, Mutex: { acquireCount: { r: 24 } } } storage:{} protocol:op_msg 1173ms 2020-06-10T12:51:18.731-0600 I COMMAND [conn305536] command netflow.flows command: aggregate { aggregate: "flows", pipeline: [ { $match: { company: ObjectId('55a013e73683dfcd3c383001'), timeMs: { $gte: 1591814700000.0, $lt: 1591815000000.0 }, source: ObjectId('55a6a9c9b8c18ce214e582d2'), packet.firewallEvent: { $in: [ 5, null ] } } }, { $group: { _id: { ipv4SrcAddr: "$packet.ipv4_src_addr", ipv4DstAddr: "$packet.ipv4_dst_addr", source: "$source" }, timeMs: { $first: "$timeMs" }, count: { $sum: 1 }, packet_responderOctets: { $sum: "$packet.responderOctets" }, packet_initiatorOctets: { $sum: "$packet.initiatorOctets" }, packet_in_bytes: { $sum: "$packet.in_bytes" }, packet_in_pkts: { $sum: "$packet.in_pkts" }, packet_responderPackets: { $sum: "$packet.responderPackets" }, packet_initiatorPackets: { $sum: "$packet.initiatorPackets" }, packet_ipv4_src_addr_host: { $first: "$packet.ipv4_src_addr_host" }, packet_ipv4_src_addr: { $first: "$packet.ipv4_src_addr" }, packet_ipv4_src_addr_device_name: { $first: "$packet.ipv4_src_addr_device.name" }, packet_ipv4_src_addr_device_id: { $first: "$packet.ipv4_src_addr_device.id" }, packet_ipv4_dst_addr_host: { $first: "$packet.ipv4_dst_addr_host" }, packet_ipv4_dst_addr: { $first: "$packet.ipv4_dst_addr" }, packet_ipv4_dst_addr_device_name: { $first: "$packet.ipv4_dst_addr_device.name" }, packet_ipv4_dst_addr_device_id: { $first: "$packet.ipv4_dst_addr_device.id" } } }, { $project: { timeMs: 1, count: 1, stats.responderOctets: 
"$packet_responderOctets", stats.initiatorOctets: "$packet_initiatorOctets", stats.in_bytes: "$packet_in_bytes", stats.in_pkts: "$packet_in_pkts", stats.responderPackets: "$packet_responderPackets", stats.initiatorPackets: "$packet_initiatorPackets", stats.totalBytes: { $add: [ "$packet_responderOctets", "$packet_initiatorOctets", "$packet_in_bytes" ] }, stats.totalPackets: { $add: [ "$packet_responderPackets", "$packet_initiatorPackets", "$packet_in_pkts" ] }, attributes.ipv4SrcAddrHost: { $cond: { if: "$packet_ipv4_src_addr_host", then: "$packet_ipv4_src_addr_host", else: "$packet_ipv4_src_addr" } }, attributes.ipv4SrcAddrDeviceName: "$packet_ipv4_src_addr_device_name", attributes.ipv4SrcAddrDevice: "$packet_ipv4_src_addr_device_id", attributes.ipv4DstAddrHost: { $cond: { if: "$packet_ipv4_dst_addr_host", then: "$packet_ipv4_dst_addr_host", else: "$packet_ipv4_dst_addr" } }, attributes.ipv4DstAddrDeviceName: "$packet_ipv4_dst_addr_device_name", attributes.ipv4DstAddrDevice: "$packet_ipv4_dst_addr_device_id" } }, { $sort: { stats.totalBytes: -1 } }, { $limit: 200 } ], allowDiskUse: true, fromMongos: true, cursor: { batchSize: 100 }, useNewUpsert: true, shardVersion: [ Timestamp(0, 0), ObjectId('000000000000000000000000') ], $clusterTime: { clusterTime: Timestamp(1591815076, 1), signature: { hash: BinData(0, DA6D2A0014B852E68A4304B1976CC9E5A0988A0E), keyId: 6829344041860071455 } }, $audit: { $impersonatedUsers: [ { user: "node", db: "metric" } ], $impersonatedRoles: [ { role: "readWrite", db: "metric" }, { role: "readWrite", db: "report" }, { role: "readWrite", db: "gavtest" }, { role: "readWrite", db: "config" }, { role: "readWrite", db: "snapshot" }, { role: "readWrite", db: "netflow" } ] }, $client: { driver: { name: "nodejs", version: "3.2.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-957.5.1.el7.x86_64" }, platform: "Node.js v10.13.0, LE, mongodb-core: 3.2.7", mongos: { host: "slc-stage-mongos11:27017", client: 
"172.27.16.28:39694", version: "4.2.6" } }, $configServerState: { opTime: { ts: Timestamp(1591815076, 1), t: 13 } }, $db: "netflow" } planSummary: IXSCAN { company: 1, source: 1, timeMs: 1 } cursorid:2908582665802357092 keysExamined:117915 docsExamined:117915 hasSortStage:1 numYields:932 nreturned:100 queryHash:0BAB9910 planCacheKey:F6364D2C reslen:46874 locks:{ ReplicationStateTransition: { acquireCount: { w: 959 } }, Global: { acquireCount: { r: 959 } }, Database: { acquireCount: { r: 959 } }, Collection: { acquireCount: { r: 959 } }, Mutex: { acquireCount: { r: 28 } } } storage:{} protocol:op_msg 1393ms 2020-06-10T12:51:20.417-0600 I NETWORK [conn305505] end connection 172.27.8.10:52186 (24 connections now open) 2020-06-10T12:51:20.429-0600 I COMMAND [conn305506] command netflow.flows command: aggregate { aggregate: "flows", pipeline: [ { $match: { company: ObjectId('55a013e73683dfcd3c383001'), timeMs: { $gte: 1591814700000.0, $lt: 1591815000000.0 }, source: ObjectId('55a6a9c9b8c18ce214e582d2'), packet.firewallEvent: { $in: [ 5, null ] }, ifInput: { $exists: true }, ifOutput: { $exists: true } } }, { $group: { _id: { ifInput: "$ifInput", ifOutput: "$ifOutput", source: "$source" }, timeMs: { $first: "$timeMs" }, count: { $sum: 1 }, packet_responderOctets: { $sum: "$packet.responderOctets" }, packet_initiatorOctets: { $sum: "$packet.initiatorOctets" }, packet_in_bytes: { $sum: "$packet.in_bytes" }, packet_in_pkts: { $sum: "$packet.in_pkts" }, packet_responderPackets: { $sum: "$packet.responderPackets" }, packet_initiatorPackets: { $sum: "$packet.initiatorPackets" }, ifInputName: { $first: "$ifInputName" }, ifOutputName: { $first: "$ifOutputName" } } }, { $project: { timeMs: 1, count: 1, stats.responderOctets: "$packet_responderOctets", stats.initiatorOctets: "$packet_initiatorOctets", stats.in_bytes: "$packet_in_bytes", stats.in_pkts: "$packet_in_pkts", stats.responderPackets: "$packet_responderPackets", stats.initiatorPackets: "$packet_initiatorPackets", 
stats.totalBytes: { $add: [ "$packet_responderOctets", "$packet_initiatorOctets", "$packet_in_bytes" ] }, stats.totalPackets: { $add: [ "$packet_responderPackets", "$packet_initiatorPackets", "$packet_in_pkts" ] }, attributes.ifInputName: "$ifInputName", attributes.ifOutputName: "$ifOutputName" } }, { $sort: { stats.totalBytes: -1 } }, { $limit: 200 } ], allowDiskUse: true, fromMongos: true, cursor: { batchSize: 100 }, useNewUpsert: true, shardVersion: [ Timestamp(0, 0), ObjectId('000000000000000000000000') ], $clusterTime: { clusterTime: Timestamp(1591815076, 1), signature: { hash: BinData(0, DA6D2A0014B852E68A4304B1976CC9E5A0988A0E), keyId: 6829344041860071455 } }, $audit: { $impersonatedUsers: [ { user: "node", db: "metric" } ], $impersonatedRoles: [ { role: "readWrite", db: "metric" }, { role: "readWrite", db: "report" }, { role: "readWrite", db: "gavtest" }, { role: "readWrite", db: "config" }, { role: "readWrite", db: "snapshot" }, { role: "readWrite", db: "netflow" } ] }, $client: { driver: { name: "nodejs", version: "3.2.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-957.5.1.el7.x86_64" }, platform: "Node.js v10.13.0, LE, mongodb-core: 3.2.7", mongos: { host: "slc-stage-mongos11:27017", client: "172.27.16.28:39702", version: "4.2.6" } }, $configServerState: { opTime: { ts: Timestamp(1591815076, 1), t: 13 } }, $db: "netflow" } planSummary: IXSCAN { company: 1, source: 1, timeMs: 1 } keysExamined:117915 docsExamined:117915 hasSortStage:1 cursorExhausted:1 numYields:934 nreturned:15 queryHash:2B94FAFF planCacheKey:C08A2EC2 reslen:6374 locks:{ ReplicationStateTransition: { acquireCount: { w: 960 } }, Global: { acquireCount: { r: 960 } }, Database: { acquireCount: { r: 960 } }, Collection: { acquireCount: { r: 960 } }, Mutex: { acquireCount: { r: 27 } } } storage:{} protocol:op_msg 1430ms 2020-06-10T12:51:25.251-0600 I COMMAND [conn305506] command netflow.flows command: aggregate { aggregate: "flows", pipeline: [ { $match: { 
company: ObjectId('55a013e73683dfcd3c383001'), timeMs: { $gte: 1591814700000.0, $lt: 1591815000000.0 }, source: ObjectId('55a6a9c9b8c18ce214e582d2'), packet.firewallEvent: { $in: [ 5, null ] }, packet.protocol: { $in: [ 6, 17 ] } } }, { $group: { _id: { ipv4SrcAddr: "$packet.ipv4_src_addr", l4SrcPort: { $cond: { if: "$packet.l4_src_port", then: "$packet.l4_src_port", else: "$packet.ipv4_src_port" } }, ipv4DstAddr: "$packet.ipv4_dst_addr", l4DstPort: { $cond: { if: "$packet.l4_dst_port", then: "$packet.l4_dst_port", else: "$packet.ipv4_dst_port" } }, source: "$source" }, timeMs: { $first: "$timeMs" }, count: { $sum: 1 }, packet_responderOctets: { $sum: "$packet.responderOctets" }, packet_initiatorOctets: { $sum: "$packet.initiatorOctets" }, packet_in_bytes: { $sum: "$packet.in_bytes" }, packet_in_pkts: { $sum: "$packet.in_pkts" }, packet_responderPackets: { $sum: "$packet.responderPackets" }, packet_initiatorPackets: { $sum: "$packet.initiatorPackets" }, packet_ipv4_src_addr_host: { $first: "$packet.ipv4_src_addr_host" }, packet_ipv4_src_addr: { $first: "$packet.ipv4_src_addr" }, packet_ipv4_src_addr_device_name: { $first: "$packet.ipv4_src_addr_device.name" }, packet_ipv4_src_addr_device_id: { $first: "$packet.ipv4_src_addr_device.id" }, packet_l4_src_port_service: { $first: "$packet.l4_src_port_service" }, packet_ipv4_dst_addr_host: { $first: "$packet.ipv4_dst_addr_host" }, packet_ipv4_dst_addr: { $first: "$packet.ipv4_dst_addr" }, packet_ipv4_dst_addr_device_name: { $first: "$packet.ipv4_dst_addr_device.name" }, packet_ipv4_dst_addr_device_id: { $first: "$packet.ipv4_dst_addr_device.id" }, packet_l4_dst_port_service: { $first: "$packet.l4_dst_port_service" } } }, { $project: { timeMs: 1, count: 1, stats.responderOctets: "$packet_responderOctets", stats.initiatorOctets: "$packet_initiatorOctets", stats.in_bytes: "$packet_in_bytes", stats.in_pkts: "$packet_in_pkts", stats.responderPackets: "$packet_responderPackets", stats.initiatorPackets: 
"$packet_initiatorPackets", stats.totalBytes: { $add: [ "$packet_responderOctets", "$packet_initiatorOctets", "$packet_in_bytes" ] }, stats.totalPackets: { $add: [ "$packet_responderPackets", "$packet_initiatorPackets", "$packet_in_pkts" ] }, attributes.ipv4SrcAddrHost: { $cond: { if: "$packet_ipv4_src_addr_host", then: "$packet_ipv4_src_addr_host", else: "$packet_ipv4_src_addr" } }, attributes.ipv4SrcAddrDeviceName: "$packet_ipv4_src_addr_device_name", attributes.ipv4SrcAddrDevice: "$packet_ipv4_src_addr_device_id", attributes.l4SrcPortService: "$packet_l4_src_port_service", attributes.ipv4DstAddrHost: { $cond: { if: "$packet_ipv4_dst_addr_host", then: "$packet_ipv4_dst_addr_host", else: "$packet_ipv4_dst_addr" } }, attributes.ipv4DstAddrDeviceName: "$packet_ipv4_dst_addr_device_name", attributes.ipv4DstAddrDevice: "$packet_ipv4_dst_addr_device_id", attributes.l4DstPortService: "$packet_l4_dst_port_service" } }, { $sort: { stats.totalBytes: -1 } }, { $limit: 200 } ], allowDiskUse: true, fromMongos: true, cursor: { batchSize: 100 }, useNewUpsert: true, shardVersion: [ Timestamp(0, 0), ObjectId('000000000000000000000000') ], $clusterTime: { clusterTime: Timestamp(1591815076, 1), signature: { hash: BinData(0, DA6D2A0014B852E68A4304B1976CC9E5A0988A0E), keyId: 6829344041860071455 } }, $audit: { $impersonatedUsers: [ { user: "node", db: "metric" } ], $impersonatedRoles: [ { role: "readWrite", db: "metric" }, { role: "readWrite", db: "report" }, { role: "readWrite", db: "gavtest" }, { role: "readWrite", db: "config" }, { role: "readWrite", db: "snapshot" }, { role: "readWrite", db: "netflow" } ] }, $client: { driver: { name: "nodejs", version: "3.2.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-957.5.1.el7.x86_64" }, platform: "Node.js v10.13.0, LE, mongodb-core: 3.2.7", mongos: { host: "slc-stage-mongos11:27017", client: "172.27.16.28:39722", version: "4.2.6" } }, $configServerState: { opTime: { ts: Timestamp(1591815079, 1), t: 13 } }, 
$db: "netflow" } planSummary: IXSCAN { company: 1, source: 1, timeMs: 1 } cursorid:7010937919818910901 keysExamined:117915 docsExamined:117915 hasSortStage:1 usedDisk:1 numYields:937 nreturned:100 queryHash:58CF9BB6 planCacheKey:F0E1C7E5 reslen:54224 locks:{ ReplicationStateTransition: { acquireCount: { w: 968 } }, Global: { acquireCount: { r: 968 } }, Database: { acquireCount: { r: 968 } }, Collection: { acquireCount: { r: 968 } }, Mutex: { acquireCount: { r: 32 } } } storage:{} protocol:op_msg 4797ms 2020-06-10T12:51:27.071-0600 I COMMAND [conn305472] command netflow.flows command: aggregate { aggregate: "flows", pipeline: [ { $match: { company: ObjectId('55a013e73683dfcd3c383001'), timeMs: { $gte: 1591814700000.0, $lt: 1591815000000.0 }, source: ObjectId('55a6a9c9b8c18ce214e582d2'), packet.firewallEvent: { $in: [ 5, null ] }, packet.protocol: { $in: [ 6, 17 ] } } }, { $group: { _id: { l4DstPort: { $cond: { if: "$packet.l4_dst_port", then: "$packet.l4_dst_port", else: "$packet.ipv4_dst_port" } }, source: "$source" }, timeMs: { $first: "$timeMs" }, count: { $sum: 1 }, packet_responderOctets: { $sum: "$packet.responderOctets" }, packet_initiatorOctets: { $sum: "$packet.initiatorOctets" }, packet_in_bytes: { $sum: "$packet.in_bytes" }, packet_in_pkts: { $sum: "$packet.in_pkts" }, packet_responderPackets: { $sum: "$packet.responderPackets" }, packet_initiatorPackets: { $sum: "$packet.initiatorPackets" }, packet_l4_dst_port_service: { $first: "$packet.l4_dst_port_service" } } }, { $project: { timeMs: 1, count: 1, stats.responderOctets: "$packet_responderOctets", stats.initiatorOctets: "$packet_initiatorOctets", stats.in_bytes: "$packet_in_bytes", stats.in_pkts: "$packet_in_pkts", stats.responderPackets: "$packet_responderPackets", stats.initiatorPackets: "$packet_initiatorPackets", stats.totalBytes: { $add: [ "$packet_responderOctets", "$packet_initiatorOctets", "$packet_in_bytes" ] }, stats.totalPackets: { $add: [ "$packet_responderPackets", 
"$packet_initiatorPackets", "$packet_in_pkts" ] }, attributes.l4DstPortService: "$packet_l4_dst_port_service" } }, { $sort: { stats.totalBytes: -1 } }, { $limit: 200 } ], allowDiskUse: true, fromMongos: true, cursor: { batchSize: 100 }, useNewUpsert: true, shardVersion: [ Timestamp(0, 0), ObjectId('000000000000000000000000') ], $clusterTime: { clusterTime: Timestamp(1591815082, 1), signature: { hash: BinData(0, 09F30399D2D648FB5144D29D72FE7B53DAB76194), keyId: 6829344041860071455 } }, $audit: { $impersonatedUsers: [ { user: "node", db: "metric" } ], $impersonatedRoles: [ { role: "readWrite", db: "metric" }, { role: "readWrite", db: "report" }, { role: "readWrite", db: "gavtest" }, { role: "readWrite", db: "config" }, { role: "readWrite", db: "snapshot" }, { role: "readWrite", db: "netflow" } ] }, $client: { driver: { name: "nodejs", version: "3.2.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-957.5.1.el7.x86_64" }, platform: "Node.js v10.13.0, LE, mongodb-core: 3.2.7", mongos: { host: "slc-stage-mongos11:27017", client: "172.27.16.28:39722", version: "4.2.6" } }, $configServerState: { opTime: { ts: Timestamp(1591815082, 1), t: 13 } }, $db: "netflow" } planSummary: IXSCAN { company: 1, source: 1, timeMs: 1 } keysExamined:117915 docsExamined:117915 hasSortStage:1 cursorExhausted:1 numYields:928 nreturned:45 queryHash:58CF9BB6 planCacheKey:F0E1C7E5 reslen:12528 locks:{ ReplicationStateTransition: { acquireCount: { w: 949 } }, Global: { acquireCount: { r: 949 } }, Database: { acquireCount: { r: 949 } }, Collection: { acquireCount: { r: 949 } }, Mutex: { acquireCount: { r: 22 } } } storage:{} protocol:op_msg 1080ms 2020-06-10T12:51:28.169-0600 I COMMAND [conn305472] command netflow.flows command: aggregate { aggregate: "flows", pipeline: [ { $match: { company: ObjectId('55a013e73683dfcd3c383001'), timeMs: { $gte: 1591814700000.0, $lt: 1591815000000.0 }, source: ObjectId('55a6a9c9b8c18ce214e582d2'), packet.firewallEvent: { $in: [ 5, null 
] } } }, { $group: { _id: { protocol: "$packet.protocol", source: "$source" }, timeMs: { $first: "$timeMs" }, count: { $sum: 1 }, packet_responderOctets: { $sum: "$packet.responderOctets" }, packet_initiatorOctets: { $sum: "$packet.initiatorOctets" }, packet_in_bytes: { $sum: "$packet.in_bytes" }, packet_in_pkts: { $sum: "$packet.in_pkts" }, packet_responderPackets: { $sum: "$packet.responderPackets" }, packet_initiatorPackets: { $sum: "$packet.initiatorPackets" } } }, { $project: { timeMs: 1, count: 1, stats.responderOctets: "$packet_responderOctets", stats.initiatorOctets: "$packet_initiatorOctets", stats.in_bytes: "$packet_in_bytes", stats.in_pkts: "$packet_in_pkts", stats.responderPackets: "$packet_responderPackets", stats.initiatorPackets: "$packet_initiatorPackets", stats.totalBytes: { $add: [ "$packet_responderOctets", "$packet_initiatorOctets", "$packet_in_bytes" ] }, stats.totalPackets: { $add: [ "$packet_responderPackets", "$packet_initiatorPackets", "$packet_in_pkts" ] } } }, { $sort: { stats.totalBytes: -1 } }, { $limit: 200 } ], allowDiskUse: true, fromMongos: true, cursor: { batchSize: 100 }, useNewUpsert: true, shardVersion: [ Timestamp(0, 0), ObjectId('000000000000000000000000') ], $clusterTime: { clusterTime: Timestamp(1591815086, 1), signature: { hash: BinData(0, 5FB19472FD66558C06828FDCDB2933C844907CFD), keyId: 6829344041860071455 } }, $audit: { $impersonatedUsers: [ { user: "node", db: "metric" } ], $impersonatedRoles: [ { role: "readWrite", db: "metric" }, { role: "readWrite", db: "report" }, { role: "readWrite", db: "gavtest" }, { role: "readWrite", db: "config" }, { role: "readWrite", db: "snapshot" }, { role: "readWrite", db: "netflow" } ] }, $client: { driver: { name: "nodejs", version: "3.2.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-957.5.1.el7.x86_64" }, platform: "Node.js v10.13.0, LE, mongodb-core: 3.2.7", mongos: { host: "slc-stage-mongos11:27017", client: "172.27.16.28:39694", version: "4.2.6" } }, 
$configServerState: { opTime: { ts: Timestamp(1591815086, 1), t: 13 } }, $db: "netflow" } planSummary: IXSCAN { company: 1, source: 1, timeMs: 1 } keysExamined:117915 docsExamined:117915 hasSortStage:1 cursorExhausted:1 numYields:931 nreturned:6 queryHash:0BAB9910 planCacheKey:F6364D2C reslen:1595 locks:{ ReplicationStateTransition: { acquireCount: { w: 951 } }, Global: { acquireCount: { r: 951 } }, Database: { acquireCount: { r: 951 } }, Collection: { acquireCount: { r: 951 } }, Mutex: { acquireCount: { r: 21 } } } storage:{} protocol:op_msg 1072ms 2020-06-10T12:51:29.314-0600 I NETWORK [listener] connection accepted from 172.28.16.20:48980 #305552 (25 connections now open) 2020-06-10T12:51:29.314-0600 I NETWORK [conn305552] received client metadata from 172.28.16.20:48980 conn305552: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:51:29.327-0600 I ACCESS [conn305552] Successfully authenticated as principal monitor on admin from client 172.28.16.20:48980 2020-06-10T12:51:29.475-0600 I NETWORK [conn305552] end connection 172.28.16.20:48980 (24 connections now open) 2020-06-10T12:51:30.265-0600 I COMMAND [conn305472] command netflow.flows command: aggregate { aggregate: "flows", pipeline: [ { $match: { company: ObjectId('55a013e73683dfcd3c383001'), timeMs: { $gte: 1591814700000.0, $lt: 1591815000000.0 }, source: ObjectId('55a6a9c9b8c18ce214e582d2'), packet.firewallEvent: { $in: [ 5, null ] } } }, { $group: { _id: { ipv4SrcAddr: "$packet.ipv4_src_addr", source: "$source" }, timeMs: { $first: "$timeMs" }, count: { $sum: 1 }, packet_responderOctets: { $sum: "$packet.responderOctets" }, packet_initiatorOctets: { $sum: "$packet.initiatorOctets" }, packet_in_bytes: { $sum: "$packet.in_bytes" }, packet_in_pkts: { $sum: "$packet.in_pkts" }, packet_responderPackets: { $sum: "$packet.responderPackets" }, 
packet_initiatorPackets: { $sum: "$packet.initiatorPackets" }, packet_ipv4_src_addr_host: { $first: "$packet.ipv4_src_addr_host" }, packet_ipv4_src_addr: { $first: "$packet.ipv4_src_addr" }, packet_ipv4_src_addr_device_name: { $first: "$packet.ipv4_src_addr_device.name" }, packet_ipv4_src_addr_device_id: { $first: "$packet.ipv4_src_addr_device.id" } } }, { $project: { timeMs: 1, count: 1, stats.responderOctets: "$packet_responderOctets", stats.initiatorOctets: "$packet_initiatorOctets", stats.in_bytes: "$packet_in_bytes", stats.in_pkts: "$packet_in_pkts", stats.responderPackets: "$packet_responderPackets", stats.initiatorPackets: "$packet_initiatorPackets", stats.totalBytes: { $add: [ "$packet_responderOctets", "$packet_initiatorOctets", "$packet_in_bytes" ] }, stats.totalPackets: { $add: [ "$packet_responderPackets", "$packet_initiatorPackets", "$packet_in_pkts" ] }, attributes.ipv4SrcAddrHost: { $cond: { if: "$packet_ipv4_src_addr_host", then: "$packet_ipv4_src_addr_host", else: "$packet_ipv4_src_addr" } }, attributes.ipv4SrcAddrDeviceName: "$packet_ipv4_src_addr_device_name", attributes.ipv4SrcAddrDevice: "$packet_ipv4_src_addr_device_id" } }, { $sort: { stats.totalPackets: -1 } }, { $limit: 200 } ], allowDiskUse: true, fromMongos: true, cursor: { batchSize: 100 }, useNewUpsert: true, shardVersion: [ Timestamp(0, 0), ObjectId('000000000000000000000000') ], $clusterTime: { clusterTime: Timestamp(1591815086, 1), signature: { hash: BinData(0, 5FB19472FD66558C06828FDCDB2933C844907CFD), keyId: 6829344041860071455 } }, $audit: { $impersonatedUsers: [ { user: "node", db: "metric" } ], $impersonatedRoles: [ { role: "readWrite", db: "metric" }, { role: "readWrite", db: "report" }, { role: "readWrite", db: "gavtest" }, { role: "readWrite", db: "config" }, { role: "readWrite", db: "snapshot" }, { role: "readWrite", db: "netflow" } ] }, $client: { driver: { name: "nodejs", version: "3.2.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: 
"3.10.0-957.5.1.el7.x86_64" }, platform: "Node.js v10.13.0, LE, mongodb-core: 3.2.7", mongos: { host: "slc-stage-mongos11:27017", client: "172.27.16.28:39712", version: "4.2.6" } }, $configServerState: { opTime: { ts: Timestamp(1591815086, 1), t: 13 } }, $db: "netflow" } planSummary: IXSCAN { company: 1, source: 1, timeMs: 1 } cursorid:8235376080838160258 keysExamined:117915 docsExamined:117915 hasSortStage:1 numYields:931 nreturned:100 queryHash:0BAB9910 planCacheKey:F6364D2C reslen:36087 locks:{ ReplicationStateTransition: { acquireCount: { w: 955 } }, Global: { acquireCount: { r: 955 } }, Database: { acquireCount: { r: 955 } }, Collection: { acquireCount: { r: 955 } }, Mutex: { acquireCount: { r: 25 } } } storage:{} protocol:op_msg 1311ms 2020-06-10T12:51:30.969-0600 I NETWORK [listener] connection accepted from 172.27.16.34:56164 #305553 (25 connections now open) 2020-06-10T12:51:30.970-0600 I NETWORK [conn305553] received client metadata from 172.27.16.34:56164 conn305553: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.18.2.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:51:31.012-0600 I ACCESS [conn305553] Successfully authenticated as principal monitor on admin from client 172.27.16.34:56164 2020-06-10T12:51:31.314-0600 I NETWORK [conn305553] end connection 172.27.16.34:56164 (24 connections now open) 2020-06-10T12:51:31.705-0600 I COMMAND [conn305506] command netflow.flows command: aggregate { aggregate: "flows", pipeline: [ { $match: { company: ObjectId('55a013e73683dfcd3c383001'), timeMs: { $gte: 1591814700000.0, $lt: 1591815000000.0 }, source: ObjectId('55a6a9c9b8c18ce214e582d2'), packet.firewallEvent: { $in: [ 5, null ] } } }, { $group: { _id: { ipv4DstAddr: "$packet.ipv4_dst_addr", source: "$source" }, timeMs: { $first: "$timeMs" }, count: { $sum: 1 }, packet_responderOctets: { $sum: "$packet.responderOctets" }, packet_initiatorOctets: { $sum: 
"$packet.initiatorOctets" }, packet_in_bytes: { $sum: "$packet.in_bytes" }, packet_in_pkts: { $sum: "$packet.in_pkts" }, packet_responderPackets: { $sum: "$packet.responderPackets" }, packet_initiatorPackets: { $sum: "$packet.initiatorPackets" }, packet_ipv4_dst_addr_host: { $first: "$packet.ipv4_dst_addr_host" }, packet_ipv4_dst_addr: { $first: "$packet.ipv4_dst_addr" }, packet_ipv4_dst_addr_device_name: { $first: "$packet.ipv4_dst_addr_device.name" }, packet_ipv4_dst_addr_device_id: { $first: "$packet.ipv4_dst_addr_device.id" } } }, { $project: { timeMs: 1, count: 1, stats.responderOctets: "$packet_responderOctets", stats.initiatorOctets: "$packet_initiatorOctets", stats.in_bytes: "$packet_in_bytes", stats.in_pkts: "$packet_in_pkts", stats.responderPackets: "$packet_responderPackets", stats.initiatorPackets: "$packet_initiatorPackets", stats.totalBytes: { $add: [ "$packet_responderOctets", "$packet_initiatorOctets", "$packet_in_bytes" ] }, stats.totalPackets: { $add: [ "$packet_responderPackets", "$packet_initiatorPackets", "$packet_in_pkts" ] }, attributes.ipv4DstAddrHost: { $cond: { if: "$packet_ipv4_dst_addr_host", then: "$packet_ipv4_dst_addr_host", else: "$packet_ipv4_dst_addr" } }, attributes.ipv4DstAddrDeviceName: "$packet_ipv4_dst_addr_device_name", attributes.ipv4DstAddrDevice: "$packet_ipv4_dst_addr_device_id" } }, { $sort: { stats.totalPackets: -1 } }, { $limit: 200 } ], allowDiskUse: true, fromMongos: true, cursor: { batchSize: 100 }, useNewUpsert: true, shardVersion: [ Timestamp(0, 0), ObjectId('000000000000000000000000') ], $clusterTime: { clusterTime: Timestamp(1591815086, 1), signature: { hash: BinData(0, 5FB19472FD66558C06828FDCDB2933C844907CFD), keyId: 6829344041860071455 } }, $audit: { $impersonatedUsers: [ { user: "node", db: "metric" } ], $impersonatedRoles: [ { role: "readWrite", db: "metric" }, { role: "readWrite", db: "report" }, { role: "readWrite", db: "gavtest" }, { role: "readWrite", db: "config" }, { role: "readWrite", db: "snapshot" 
}, { role: "readWrite", db: "netflow" } ] }, $client: { driver: { name: "nodejs", version: "3.2.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-957.5.1.el7.x86_64" }, platform: "Node.js v10.13.0, LE, mongodb-core: 3.2.7", mongos: { host: "slc-stage-mongos11:27017", client: "172.27.16.28:39696", version: "4.2.6" } }, $configServerState: { opTime: { ts: Timestamp(1591815086, 1), t: 13 } }, $db: "netflow" } planSummary: IXSCAN { company: 1, source: 1, timeMs: 1 } cursorid:185494710136629848 keysExamined:117915 docsExamined:117915 hasSortStage:1 numYields:933 nreturned:100 queryHash:0BAB9910 planCacheKey:F6364D2C reslen:35939 locks:{ ReplicationStateTransition: { acquireCount: { w: 956 } }, Global: { acquireCount: { r: 956 } }, Database: { acquireCount: { r: 956 } }, Collection: { acquireCount: { r: 956 } }, Mutex: { acquireCount: { r: 24 } } } storage:{ data: { bytesRead: 226509, timeReadingMicros: 452 } } protocol:op_msg 1352ms 2020-06-10T12:51:31.940-0600 I NETWORK [listener] connection accepted from 172.27.16.34:56177 #305554 (25 connections now open) 2020-06-10T12:51:31.941-0600 I NETWORK [conn305554] received client metadata from 172.27.16.34:56177 conn305554: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.18.2.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:51:31.949-0600 I ACCESS [conn305554] Successfully authenticated as principal monitor on admin from client 172.27.16.34:56177 2020-06-10T12:51:32.568-0600 I NETWORK [conn305554] end connection 172.27.16.34:56177 (24 connections now open) 2020-06-10T12:51:33.082-0600 I COMMAND [conn305510] command netflow.flows command: aggregate { aggregate: "flows", pipeline: [ { $match: { company: ObjectId('55a013e73683dfcd3c383001'), timeMs: { $gte: 1591814700000.0, $lt: 1591815000000.0 }, source: ObjectId('55a6a9c9b8c18ce214e582d2'), packet.firewallEvent: { $in: [ 5, null ] }, 
packet.protocol: { $in: [ 6, 17 ] } } }, { $group: { _id: { l4DstPort: { $cond: { if: "$packet.l4_dst_port", then: "$packet.l4_dst_port", else: "$packet.ipv4_dst_port" } }, source: "$source" }, timeMs: { $first: "$timeMs" }, count: { $sum: 1 }, packet_responderOctets: { $sum: "$packet.responderOctets" }, packet_initiatorOctets: { $sum: "$packet.initiatorOctets" }, packet_in_bytes: { $sum: "$packet.in_bytes" }, packet_in_pkts: { $sum: "$packet.in_pkts" }, packet_responderPackets: { $sum: "$packet.responderPackets" }, packet_initiatorPackets: { $sum: "$packet.initiatorPackets" }, packet_l4_dst_port_service: { $first: "$packet.l4_dst_port_service" } } }, { $project: { timeMs: 1, count: 1, stats.responderOctets: "$packet_responderOctets", stats.initiatorOctets: "$packet_initiatorOctets", stats.in_bytes: "$packet_in_bytes", stats.in_pkts: "$packet_in_pkts", stats.responderPackets: "$packet_responderPackets", stats.initiatorPackets: "$packet_initiatorPackets", stats.totalBytes: { $add: [ "$packet_responderOctets", "$packet_initiatorOctets", "$packet_in_bytes" ] }, stats.totalPackets: { $add: [ "$packet_responderPackets", "$packet_initiatorPackets", "$packet_in_pkts" ] }, attributes.l4DstPortService: "$packet_l4_dst_port_service" } }, { $sort: { stats.totalPackets: -1 } }, { $limit: 200 } ], allowDiskUse: true, fromMongos: true, cursor: { batchSize: 100 }, useNewUpsert: true, shardVersion: [ Timestamp(0, 0), ObjectId('000000000000000000000000') ], $clusterTime: { clusterTime: Timestamp(1591815091, 1), signature: { hash: BinData(0, BDE7773F71AF1530738A82915583CB436D08BFCE), keyId: 6829344041860071455 } }, $audit: { $impersonatedUsers: [ { user: "node", db: "metric" } ], $impersonatedRoles: [ { role: "readWrite", db: "metric" }, { role: "readWrite", db: "report" }, { role: "readWrite", db: "gavtest" }, { role: "readWrite", db: "config" }, { role: "readWrite", db: "snapshot" }, { role: "readWrite", db: "netflow" } ] }, $client: { driver: { name: "nodejs", version: "3.2.7" }, 
os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-957.5.1.el7.x86_64" }, platform: "Node.js v10.13.0, LE, mongodb-core: 3.2.7", mongos: { host: "slc-stage-mongos11:27017", client: "172.27.16.28:39672", version: "4.2.6" } }, $configServerState: { opTime: { ts: Timestamp(1591815091, 1), t: 13 } }, $db: "netflow" } planSummary: IXSCAN { company: 1, source: 1, timeMs: 1 } keysExamined:117915 docsExamined:117915 hasSortStage:1 cursorExhausted:1 numYields:930 nreturned:45 queryHash:58CF9BB6 planCacheKey:F0E1C7E5 reslen:12528 locks:{ ReplicationStateTransition: { acquireCount: { w: 951 } }, Global: { acquireCount: { r: 951 } }, Database: { acquireCount: { r: 951 } }, Collection: { acquireCount: { r: 951 } }, Mutex: { acquireCount: { r: 22 } } } storage:{} protocol:op_msg 1287ms 2020-06-10T12:51:33.311-0600 I NETWORK [listener] connection accepted from 172.28.16.20:49014 #305555 (25 connections now open) 2020-06-10T12:51:33.323-0600 I NETWORK [conn305555] received client metadata from 172.28.16.20:49014 conn305555: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:51:33.326-0600 I ACCESS [conn305555] Successfully authenticated as principal monitor on admin from client 172.28.16.20:49014 2020-06-10T12:51:33.420-0600 I NETWORK [conn305555] end connection 172.28.16.20:49014 (24 connections now open) 2020-06-10T12:51:33.969-0600 I NETWORK [listener] connection accepted from 172.27.16.34:56181 #305556 (25 connections now open) 2020-06-10T12:51:33.970-0600 I NETWORK [conn305556] received client metadata from 172.27.16.34:56181 conn305556: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.18.2.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:51:33.974-0600 I ACCESS [conn305556] Successfully authenticated 
as principal monitor on admin from client 172.27.16.34:56181 2020-06-10T12:51:34.185-0600 I NETWORK [conn305556] end connection 172.27.16.34:56181 (24 connections now open) 2020-06-10T12:51:34.331-0600 I NETWORK [listener] connection accepted from 172.28.16.20:49031 #305557 (25 connections now open) 2020-06-10T12:51:34.333-0600 I NETWORK [conn305557] received client metadata from 172.28.16.20:49031 conn305557: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:51:34.349-0600 I ACCESS [conn305557] Successfully authenticated as principal monitor on admin from client 172.28.16.20:49031 2020-06-10T12:51:34.402-0600 I NETWORK [conn305557] end connection 172.28.16.20:49031 (24 connections now open) 2020-06-10T12:51:36.334-0600 I NETWORK [listener] connection accepted from 172.28.16.20:49048 #305558 (25 connections now open) 2020-06-10T12:51:36.335-0600 I NETWORK [conn305558] received client metadata from 172.28.16.20:49048 conn305558: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:51:36.338-0600 I ACCESS [conn305558] Successfully authenticated as principal monitor on admin from client 172.28.16.20:49048 2020-06-10T12:51:36.712-0600 I NETWORK [conn305558] end connection 172.28.16.20:49048 (24 connections now open) 2020-06-10T12:51:37.960-0600 I COMMAND [conn305472] command netflow.flows command: aggregate { aggregate: "flows", pipeline: [ { $match: { company: ObjectId('55a013e73683dfcd3c383001'), timeMs: { $gte: 1591814700000.0, $lt: 1591815000000.0 }, source: ObjectId('55a6a9c9b8c18ce214e582d2'), packet.firewallEvent: { $in: [ 5, null ] }, packet.protocol: { $in: [ 6, 17 ] } } }, { $group: { _id: { ipv4SrcAddr: "$packet.ipv4_src_addr", l4SrcPort: { $cond: { if: 
"$packet.l4_src_port", then: "$packet.l4_src_port", else: "$packet.ipv4_src_port" } }, ipv4DstAddr: "$packet.ipv4_dst_addr", l4DstPort: { $cond: { if: "$packet.l4_dst_port", then: "$packet.l4_dst_port", else: "$packet.ipv4_dst_port" } }, source: "$source" }, timeMs: { $first: "$timeMs" }, count: { $sum: 1 }, packet_responderOctets: { $sum: "$packet.responderOctets" }, packet_initiatorOctets: { $sum: "$packet.initiatorOctets" }, packet_in_bytes: { $sum: "$packet.in_bytes" }, packet_in_pkts: { $sum: "$packet.in_pkts" }, packet_responderPackets: { $sum: "$packet.responderPackets" }, packet_initiatorPackets: { $sum: "$packet.initiatorPackets" }, connTime: { $max: { $cond: { if: "$packet.observationTimeMilliseconds", then: { $subtract: [ "$packet.observationTimeMilliseconds", "$packet.flowCreatedMilliseconds" ] }, else: { $subtract: [ "$packet.last_switched", "$packet.first_switched" ] } } } }, packet_ipv4_src_addr_host: { $first: "$packet.ipv4_src_addr_host" }, packet_ipv4_src_addr: { $first: "$packet.ipv4_src_addr" }, packet_ipv4_src_addr_device_name: { $first: "$packet.ipv4_src_addr_device.name" }, packet_ipv4_src_addr_device_id: { $first: "$packet.ipv4_src_addr_device.id" }, packet_l4_src_port_service: { $first: "$packet.l4_src_port_service" }, packet_ipv4_dst_addr_host: { $first: "$packet.ipv4_dst_addr_host" }, packet_ipv4_dst_addr: { $first: "$packet.ipv4_dst_addr" }, packet_ipv4_dst_addr_device_name: { $first: "$packet.ipv4_dst_addr_device.name" }, packet_ipv4_dst_addr_device_id: { $first: "$packet.ipv4_dst_addr_device.id" }, packet_l4_dst_port_service: { $first: "$packet.l4_dst_port_service" } } }, { $project: { timeMs: 1, count: 1, stats.responderOctets: "$packet_responderOctets", stats.initiatorOctets: "$packet_initiatorOctets", stats.in_bytes: "$packet_in_bytes", stats.in_pkts: "$packet_in_pkts", stats.responderPackets: "$packet_responderPackets", stats.initiatorPackets: "$packet_initiatorPackets", stats.connTime: "$connTime", stats.totalBytes: { $add: [ 
"$packet_responderOctets", "$packet_initiatorOctets", "$packet_in_bytes" ] }, stats.totalPackets: { $add: [ "$packet_responderPackets", "$packet_initiatorPackets", "$packet_in_pkts" ] }, attributes.ipv4SrcAddrHost: { $cond: { if: "$packet_ipv4_src_addr_host", then: "$packet_ipv4_src_addr_host", else: "$packet_ipv4_src_addr" } }, attributes.ipv4SrcAddrDeviceName: "$packet_ipv4_src_addr_device_name", attributes.ipv4SrcAddrDevice: "$packet_ipv4_src_addr_device_id", attributes.l4SrcPortService: "$packet_l4_src_port_service", attributes.ipv4DstAddrHost: { $cond: { if: "$packet_ipv4_dst_addr_host", then: "$packet_ipv4_dst_addr_host", else: "$packet_ipv4_dst_addr" } }, attributes.ipv4DstAddrDeviceName: "$packet_ipv4_dst_addr_device_name", attributes.ipv4DstAddrDevice: "$packet_ipv4_dst_addr_device_id", attributes.l4DstPortService: "$packet_l4_dst_port_service" } }, { $sort: { stats.connTime: -1 } }, { $limit: 200 } ], allowDiskUse: true, fromMongos: true, cursor: { batchSize: 100 }, useNewUpsert: true, shardVersion: [ Timestamp(0, 0), ObjectId('000000000000000000000000') ], $clusterTime: { clusterTime: Timestamp(1591815091, 1), signature: { hash: BinData(0, BDE7773F71AF1530738A82915583CB436D08BFCE), keyId: 6829344041860071455 } }, $audit: { $impersonatedUsers: [ { user: "node", db: "metric" } ], $impersonatedRoles: [ { role: "readWrite", db: "metric" }, { role: "readWrite", db: "report" }, { role: "readWrite", db: "gavtest" }, { role: "readWrite", db: "config" }, { role: "readWrite", db: "snapshot" }, { role: "readWrite", db: "netflow" } ] }, $client: { driver: { name: "nodejs", version: "3.2.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-957.5.1.el7.x86_64" }, platform: "Node.js v10.13.0, LE, mongodb-core: 3.2.7", mongos: { host: "slc-stage-mongos11:27017", client: "172.27.16.28:39698", version: "4.2.6" } }, $configServerState: { opTime: { ts: Timestamp(1591815091, 1), t: 13 } }, $db: "netflow" } planSummary: IXSCAN { company: 1, source: 
1, timeMs: 1 } cursorid:5364543866401004521 keysExamined:117915 docsExamined:117915 hasSortStage:1 usedDisk:1 numYields:938 nreturned:100 queryHash:58CF9BB6 planCacheKey:F0E1C7E5 reslen:55318 locks:{ ReplicationStateTransition: { acquireCount: { w: 972 } }, Global: { acquireCount: { r: 972 } }, Database: { acquireCount: { r: 972 } }, Collection: { acquireCount: { r: 972 } }, Mutex: { acquireCount: { r: 35 } } } storage:{} protocol:op_msg 4502ms 2020-06-10T12:51:38.314-0600 I NETWORK [listener] connection accepted from 172.28.16.20:49056 #305559 (25 connections now open) 2020-06-10T12:51:38.314-0600 I NETWORK [conn305559] received client metadata from 172.28.16.20:49056 conn305559: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:51:38.316-0600 I ACCESS [conn305559] Successfully authenticated as principal monitor on admin from client 172.28.16.20:49056 2020-06-10T12:51:38.332-0600 I NETWORK [conn305559] end connection 172.28.16.20:49056 (24 connections now open) 2020-06-10T12:51:38.955-0600 I NETWORK [listener] connection accepted from 172.27.16.34:56190 #305560 (25 connections now open) 2020-06-10T12:51:38.955-0600 I NETWORK [conn305560] received client metadata from 172.27.16.34:56190 conn305560: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.18.2.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:51:38.958-0600 I ACCESS [conn305560] Successfully authenticated as principal monitor on admin from client 172.27.16.34:56190 2020-06-10T12:51:38.973-0600 I NETWORK [conn305560] end connection 172.27.16.34:56190 (24 connections now open) 2020-06-10T12:51:39.314-0600 I NETWORK [listener] connection accepted from 172.28.16.20:49061 #305561 (25 connections now open) 2020-06-10T12:51:39.317-0600 I NETWORK [conn305561] 
received client metadata from 172.28.16.20:49061 conn305561: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:51:39.326-0600 I ACCESS [conn305561] Successfully authenticated as principal monitor on admin from client 172.28.16.20:49061 2020-06-10T12:51:39.682-0600 I NETWORK [conn305561] end connection 172.28.16.20:49061 (24 connections now open) 2020-06-10T12:51:41.318-0600 I NETWORK [listener] connection accepted from 172.28.16.20:49071 #305562 (25 connections now open) 2020-06-10T12:51:41.319-0600 I NETWORK [conn305562] received client metadata from 172.28.16.20:49071 conn305562: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" } 2020-06-10T12:51:41.321-0600 I ACCESS [conn305562] Successfully authenticated as principal monitor on admin from client 172.28.16.20:49071 2020-06-10T12:51:41.330-0600 I NETWORK [conn305562] end connection 172.28.16.20:49071 (24 connections now open) 2020-06-10T12:51:41.912-0600 I COMMAND [conn305457] command netflow.flows command: aggregate { aggregate: "flows", pipeline: [ { $match: { company: ObjectId('55a013e73683dfcd3c383001'), timeMs: { $gte: 1591815000000.0, $lt: 1591815300000.0 }, source: ObjectId('55a6a9c9b8c18ce214e582d2'), packet.firewallEvent: { $in: [ 5, null ] }, packet.protocol: { $in: [ 6, 17 ] } } }, { $group: { _id: { ipv4SrcAddr: "$packet.ipv4_src_addr", l4SrcPort: { $cond: { if: "$packet.l4_src_port", then: "$packet.l4_src_port", else: "$packet.ipv4_src_port" } }, ipv4DstAddr: "$packet.ipv4_dst_addr", l4DstPort: { $cond: { if: "$packet.l4_dst_port", then: "$packet.l4_dst_port", else: "$packet.ipv4_dst_port" } }, source: "$source" }, timeMs: { $first: "$timeMs" }, count: { $sum: 1 }, packet_responderOctets: { $sum: 
"$packet.responderOctets" }, packet_initiatorOctets: { $sum: "$packet.initiatorOctets" }, packet_in_bytes: { $sum: "$packet.in_bytes" }, packet_in_pkts: { $sum: "$packet.in_pkts" }, packet_responderPackets: { $sum: "$packet.responderPackets" }, packet_initiatorPackets: { $sum: "$packet.initiatorPackets" }, packet_ipv4_src_addr_host: { $first: "$packet.ipv4_src_addr_host" }, packet_ipv4_src_addr: { $first: "$packet.ipv4_src_addr" }, packet_ipv4_src_addr_device_name: { $first: "$packet.ipv4_src_addr_device.name" }, packet_ipv4_src_addr_device_id: { $first: "$packet.ipv4_src_addr_device.id" }, packet_l4_src_port_service: { $first: "$packet.l4_src_port_service" }, packet_ipv4_dst_addr_host: { $first: "$packet.ipv4_dst_addr_host" }, packet_ipv4_dst_addr: { $first: "$packet.ipv4_dst_addr" }, packet_ipv4_dst_addr_device_name: { $first: "$packet.ipv4_dst_addr_device.name" }, packet_ipv4_dst_addr_device_id: { $first: "$packet.ipv4_dst_addr_device.id" }, packet_l4_dst_port_service: { $first: "$packet.l4_dst_port_service" } } }, { $project: { timeMs: 1, count: 1, stats.responderOctets: "$packet_responderOctets", stats.initiatorOctets: "$packet_initiatorOctets", stats.in_bytes: "$packet_in_bytes", stats.in_pkts: "$packet_in_pkts", stats.responderPackets: "$packet_responderPackets", stats.initiatorPackets: "$packet_initiatorPackets", stats.totalBytes: { $add: [ "$packet_responderOctets", "$packet_initiatorOctets", "$packet_in_bytes" ] }, stats.totalPackets: { $add: [ "$packet_responderPackets", "$packet_initiatorPackets", "$packet_in_pkts" ] }, attributes.ipv4SrcAddrHost: { $cond: { if: "$packet_ipv4_src_addr_host", then: "$packet_ipv4_src_addr_host", else: "$packet_ipv4_src_addr" } }, attributes.ipv4SrcAddrDeviceName: "$packet_ipv4_src_addr_device_name", attributes.ipv4SrcAddrDevice: "$packet_ipv4_src_addr_device_id", attributes.l4SrcPortService: "$packet_l4_src_port_service", attributes.ipv4DstAddrHost: { $cond: { if: "$packet_ipv4_dst_addr_host", then: 
"$packet_ipv4_dst_addr_host", else: "$packet_ipv4_dst_addr" } }, attributes.ipv4DstAddrDeviceName: "$packet_ipv4_dst_addr_device_name", attributes.ipv4DstAddrDevice: "$packet_ipv4_dst_addr_device_id", attributes.l4DstPortService: "$packet_l4_dst_port_service" } }, { $sort: { stats.totalBytes: -1 } }, { $limit: 200 } ], allowDiskUse: true, fromMongos: true, cursor: { batchSize: 100 }, useNewUpsert: true, shardVersion: [ Timestamp(0, 0), ObjectId('000000000000000000000000') ], $clusterTime: { clusterTime: Timestamp(1591815096, 1), signature: { hash: BinData(0, 14286B11410EB2DFF4118C473B9224D29851FF09), keyId: 6829344041860071455 } }, $audit: { $impersonatedUsers: [ { user: "node", db: "metric" } ], $impersonatedRoles: [ { role: "readWrite", db: "metric" }, { role: "readWrite", db: "report" }, { role: "readWrite", db: "gavtest" }, { role: "readWrite", db: "config" }, { role: "readWrite", db: "snapshot" }, { role: "readWrite", db: "netflow" } ] }, $client: { driver: { name: "nodejs", version: "3.2.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-957.5.1.el7.x86_64" }, platform: "Node.js v10.13.0, LE, mongodb-core: 3.2.7", mongos: { host: "slc-stage-mongos11:27017", client: "172.27.16.28:39672", version: "4.2.6" } }, $configServerState: { opTime: { ts: Timestamp(1591815096, 1), t: 13 } }, $db: "netflow" } planSummary: IXSCAN { company: 1, source: 1, timeMs: 1 } cursorid:1366147680316904847 keysExamined:36006 docsExamined:36006 hasSortStage:1 numYields:287 nreturned:100 queryHash:58CF9BB6 planCacheKey:F0E1C7E5 reslen:53822 locks:{ ReplicationStateTransition: { acquireCount: { w: 298 } }, Global: { acquireCount: { r: 298 } }, Database: { acquireCount: { r: 298 } }, Collection: { acquireCount: { r: 298 } }, Mutex: { acquireCount: { r: 12 } } } storage:{} protocol:op_msg 1059ms 2020-06-10T12:51:42.635-0600 I NETWORK [conn305402] end connection 172.27.8.11:53006 (23 connections now open) 2020-06-10T12:51:45.961-0600 I NETWORK [listener] 
connection accepted from 172.27.16.34:56195 #305563 (24 connections now open)
2020-06-10T12:51:45.962-0600 I NETWORK [listener] connection accepted from 172.27.16.34:56194 #305564 (25 connections now open)
2020-06-10T12:51:45.962-0600 I NETWORK [conn305564] received client metadata from 172.27.16.34:56194 conn305564: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.18.2.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" }
2020-06-10T12:51:45.962-0600 I NETWORK [conn305563] received client metadata from 172.27.16.34:56195 conn305563: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.18.2.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" }
2020-06-10T12:51:45.966-0600 I ACCESS [conn305564] Successfully authenticated as principal monitor on admin from client 172.27.16.34:56194
2020-06-10T12:51:45.966-0600 I ACCESS [conn305563] Successfully authenticated as principal monitor on admin from client 172.27.16.34:56195
2020-06-10T12:51:45.979-0600 I NETWORK [conn305563] end connection 172.27.16.34:56195 (24 connections now open)
2020-06-10T12:51:45.980-0600 I COMMAND [conn305457] command netflow.flows command: aggregate { aggregate: "flows", pipeline: [ { $match: { company: ObjectId('55a013e73683dfcd3c383001'), timeMs: { $gte: 1591815000000.0, $lt: 1591815300000.0 }, source: ObjectId('55a6a9c9b8c18ce214e582d2'), packet.firewallEvent: { $in: [ 5, null ] }, packet.protocol: { $in: [ 6, 17 ] } } }, { $group: { _id: { ipv4SrcAddr: "$packet.ipv4_src_addr", l4SrcPort: { $cond: { if: "$packet.l4_src_port", then: "$packet.l4_src_port", else: "$packet.ipv4_src_port" } }, ipv4DstAddr: "$packet.ipv4_dst_addr", l4DstPort: { $cond: { if: "$packet.l4_dst_port", then: "$packet.l4_dst_port", else: "$packet.ipv4_dst_port" } }, source: "$source" }, timeMs: { $first: "$timeMs" }, count: { $sum: 1 }, packet_responderOctets: { $sum: "$packet.responderOctets" }, packet_initiatorOctets: { $sum: "$packet.initiatorOctets" }, packet_in_bytes: { $sum: "$packet.in_bytes" }, packet_in_pkts: { $sum: "$packet.in_pkts" }, packet_responderPackets: { $sum: "$packet.responderPackets" }, packet_initiatorPackets: { $sum: "$packet.initiatorPackets" }, connTime: { $max: { $cond: { if: "$packet.observationTimeMilliseconds", then: { $subtract: [ "$packet.observationTimeMilliseconds", "$packet.flowCreatedMilliseconds" ] }, else: { $subtract: [ "$packet.last_switched", "$packet.first_switched" ] } } } }, packet_ipv4_src_addr_host: { $first: "$packet.ipv4_src_addr_host" }, packet_ipv4_src_addr: { $first: "$packet.ipv4_src_addr" }, packet_ipv4_src_addr_device_name: { $first: "$packet.ipv4_src_addr_device.name" }, packet_ipv4_src_addr_device_id: { $first: "$packet.ipv4_src_addr_device.id" }, packet_l4_src_port_service: { $first: "$packet.l4_src_port_service" }, packet_ipv4_dst_addr_host: { $first: "$packet.ipv4_dst_addr_host" }, packet_ipv4_dst_addr: { $first: "$packet.ipv4_dst_addr" }, packet_ipv4_dst_addr_device_name: { $first: "$packet.ipv4_dst_addr_device.name" }, packet_ipv4_dst_addr_device_id: { $first: "$packet.ipv4_dst_addr_device.id" }, packet_l4_dst_port_service: { $first: "$packet.l4_dst_port_service" } } }, { $project: { timeMs: 1, count: 1, stats.responderOctets: "$packet_responderOctets", stats.initiatorOctets: "$packet_initiatorOctets", stats.in_bytes: "$packet_in_bytes", stats.in_pkts: "$packet_in_pkts", stats.responderPackets: "$packet_responderPackets", stats.initiatorPackets: "$packet_initiatorPackets", stats.connTime: "$connTime", stats.totalBytes: { $add: [ "$packet_responderOctets", "$packet_initiatorOctets", "$packet_in_bytes" ] }, stats.totalPackets: { $add: [ "$packet_responderPackets", "$packet_initiatorPackets", "$packet_in_pkts" ] }, attributes.ipv4SrcAddrHost: { $cond: { if: "$packet_ipv4_src_addr_host", then: "$packet_ipv4_src_addr_host", else: "$packet_ipv4_src_addr" } }, attributes.ipv4SrcAddrDeviceName: "$packet_ipv4_src_addr_device_name", attributes.ipv4SrcAddrDevice: "$packet_ipv4_src_addr_device_id", attributes.l4SrcPortService: "$packet_l4_src_port_service", attributes.ipv4DstAddrHost: { $cond: { if: "$packet_ipv4_dst_addr_host", then: "$packet_ipv4_dst_addr_host", else: "$packet_ipv4_dst_addr" } }, attributes.ipv4DstAddrDeviceName: "$packet_ipv4_dst_addr_device_name", attributes.ipv4DstAddrDevice: "$packet_ipv4_dst_addr_device_id", attributes.l4DstPortService: "$packet_l4_dst_port_service" } }, { $sort: { stats.connTime: -1 } }, { $limit: 200 } ], allowDiskUse: true, fromMongos: true, cursor: { batchSize: 100 }, useNewUpsert: true, shardVersion: [ Timestamp(0, 0), ObjectId('000000000000000000000000') ], $clusterTime: { clusterTime: Timestamp(1591815096, 1), signature: { hash: BinData(0, 14286B11410EB2DFF4118C473B9224D29851FF09), keyId: 6829344041860071455 } }, $audit: { $impersonatedUsers: [ { user: "node", db: "metric" } ], $impersonatedRoles: [ { role: "readWrite", db: "metric" }, { role: "readWrite", db: "report" }, { role: "readWrite", db: "gavtest" }, { role: "readWrite", db: "config" }, { role: "readWrite", db: "snapshot" }, { role: "readWrite", db: "netflow" } ] }, $client: { driver: { name: "nodejs", version: "3.2.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-957.5.1.el7.x86_64" }, platform: "Node.js v10.13.0, LE, mongodb-core: 3.2.7", mongos: { host: "slc-stage-mongos11:27017", client: "172.27.16.28:39712", version: "4.2.6" } }, $configServerState: { opTime: { ts: Timestamp(1591815096, 1), t: 13 } }, $db: "netflow" } planSummary: IXSCAN { company: 1, source: 1, timeMs: 1 } cursorid:7567793425480549985 keysExamined:37423 docsExamined:37423 hasSortStage:1 numYields:298 nreturned:100 queryHash:58CF9BB6 planCacheKey:F0E1C7E5 reslen:55310 locks:{ ReplicationStateTransition: { acquireCount: { w: 310 } }, Global: { acquireCount: { r: 310 } }, Database: { acquireCount: { r: 310 } }, Collection: { acquireCount: { r: 310 } }, Mutex: { acquireCount: { r: 13 } } } storage:{} protocol:op_msg 1231ms
2020-06-10T12:51:46.024-0600 I NETWORK [conn305564] end connection 172.27.16.34:56194 (23 connections now open)
2020-06-10T12:52:12.795-0600 I NETWORK [conn305257] end connection 172.27.8.10:52122 (22 connections now open)
2020-06-10T12:52:29.370-0600 I NETWORK [listener] connection accepted from 172.28.16.20:49281 #305565 (23 connections now open)
2020-06-10T12:52:29.371-0600 I NETWORK [conn305565] received client metadata from 172.28.16.20:49281 conn305565: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" }
2020-06-10T12:52:29.374-0600 I ACCESS [conn305565] Successfully authenticated as principal monitor on admin from client 172.28.16.20:49281
2020-06-10T12:52:29.560-0600 I NETWORK [conn305565] end connection 172.28.16.20:49281 (22 connections now open)
2020-06-10T12:52:31.127-0600 I NETWORK [listener] connection accepted from 172.27.16.34:56239 #305566 (23 connections now open)
2020-06-10T12:52:31.129-0600 I NETWORK [conn305566] received client metadata from 172.27.16.34:56239 conn305566: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.18.2.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" }
2020-06-10T12:52:31.141-0600 I ACCESS [conn305566] Successfully authenticated as principal monitor on admin from client 172.27.16.34:56239
2020-06-10T12:52:31.562-0600 I NETWORK [conn305566] end connection 172.27.16.34:56239 (22 connections now open)
2020-06-10T12:52:32.036-0600 I NETWORK [listener] connection accepted from 172.27.16.34:56250 #305567 (23 connections now open)
2020-06-10T12:52:32.037-0600 I NETWORK [conn305567] received client metadata from 172.27.16.34:56250 conn305567: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.18.2.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" }
2020-06-10T12:52:32.047-0600 I ACCESS [conn305567] Successfully authenticated as principal monitor on admin from client 172.27.16.34:56250
2020-06-10T12:52:32.539-0600 I NETWORK [conn305567] end connection 172.27.16.34:56250 (22 connections now open)
2020-06-10T12:52:33.379-0600 I NETWORK [listener] connection accepted from 172.28.16.20:49314 #305568 (23 connections now open)
2020-06-10T12:52:33.380-0600 I NETWORK [conn305568] received client metadata from 172.28.16.20:49314 conn305568: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" }
2020-06-10T12:52:33.384-0600 I ACCESS [conn305568] Successfully authenticated as principal monitor on admin from client 172.28.16.20:49314
2020-06-10T12:52:33.458-0600 I NETWORK [conn305568] end connection 172.28.16.20:49314 (22 connections now open)
2020-06-10T12:52:34.026-0600 I NETWORK [listener] connection accepted from 172.27.16.34:56253 #305569 (23 connections now open)
2020-06-10T12:52:34.027-0600 I NETWORK [conn305569] received client metadata from 172.27.16.34:56253 conn305569: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.18.2.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" }
2020-06-10T12:52:34.030-0600 I ACCESS [conn305569] Successfully authenticated as principal monitor on admin from client 172.27.16.34:56253
2020-06-10T12:52:34.253-0600 I NETWORK [conn305569] end connection 172.27.16.34:56253 (22 connections now open)
2020-06-10T12:52:34.376-0600 I NETWORK [listener] connection accepted from 172.28.16.20:49331 #305570 (23 connections now open)
2020-06-10T12:52:34.377-0600 I NETWORK [conn305570] received client metadata from 172.28.16.20:49331 conn305570: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" }
2020-06-10T12:52:34.392-0600 I ACCESS [conn305570] Successfully authenticated as principal monitor on admin from client 172.28.16.20:49331
2020-06-10T12:52:34.437-0600 I NETWORK [conn305570] end connection 172.28.16.20:49331 (22 connections now open)
2020-06-10T12:52:36.391-0600 I NETWORK [listener] connection accepted from 172.28.16.20:49348 #305571 (23 connections now open)
2020-06-10T12:52:36.392-0600 I NETWORK [conn305571] received client metadata from 172.28.16.20:49348 conn305571: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" }
2020-06-10T12:52:36.395-0600 I ACCESS [conn305571] Successfully authenticated as principal monitor on admin from client 172.28.16.20:49348
2020-06-10T12:52:36.760-0600 I NETWORK [conn305571] end connection 172.28.16.20:49348 (22 connections now open)
2020-06-10T12:52:38.375-0600 I NETWORK [listener] connection accepted from 172.28.16.20:49356 #305572 (23 connections now open)
2020-06-10T12:52:38.376-0600 I NETWORK [conn305572] received client metadata from 172.28.16.20:49356 conn305572: { driver: { name: "nodejs", version: "3.5.7" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "3.10.0-327.3.1.el7.x86_64" }, platform: "'Node.js v10.13.0, LE (legacy)" }
2020-06-10T12:52:38.379-0600 I ACCESS [conn305572] Successfully authenticated as principal monitor on admin from client 172.28.16.20:49356
2020-06-10T12:52:38.393-0600 I NETWORK [conn305572] end connection 172.28.16.20:49356 (22 connections now open)
^C
[root@slc-stage-mongo11 ~]#