root@firepower:~# pmtool status | grep snort
764d6da6-f58c-11e5-a673-b2e64f9dd4d2-d01 (de,snort) - Running 27542
Command: /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/snort -u sfsnort -g sfsnort --daq-dir /usr/local/sf/lib/daq --daq-var afbp -M -Q -G 0 -i kvm_ivshmem:kvm_ivshmem --daq sfpacket_asa --pid-path /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/instance-1 --cs-dir /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/instance-1 -c /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/snort.conf -Z /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/instance-1/now --no-interface-pidfile -l /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/instance-1 -P 9218
PID File: /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/instance-1/snort.pid
Enable File: /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/snort.conf
root@firepower:~#
root@firepower:~# pmtool status | grep de
Command: /usr/bin/mysqld --defaults-file=/etc/my.cnf --user=mysql --basedir=/usr --datadir=/var/lib/mysql --pid-file=/var/run/mysql/mysqld.pid --skip-external-locking
Status cmd: /usr/bin/mysqladmin --defaults-file=/etc/my.cnf -uroot -padmin ping
Required by: detectionhealthd,kvm_ivshmem_kvm_ivshmem-bridged,764d6da6-f58c-11e5-a673-b2e64f9dd4d2-d01,764d6da6-f58c-11e5-a673-b2e64f9dd4d2-alert
detectionhealthd (normal) - Running 4617
Command: /usr/local/sf/bin/detectionhealthd
PID File: /var/sf/run/detectionhealthd.pid
Command: /usr/local/sf/bin/CloudAgent --config /etc/sf/cloudagent.conf --peers-config /etc/sf/device_cap.conf --ccfg /etc/sf/bca.cfg
kvm_ivshmem_kvm_ivshmem-bridged (de) - Running 4649
764d6da6-f58c-11e5-a673-b2e64f9dd4d2-d01 (de,snort) - Running 27542
Command: /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/snort -u sfsnort -g sfsnort --daq-dir /usr/local/sf/lib/daq --daq-var afbp -M -Q -G 0 -i kvm_ivshmem:kvm_ivshmem --daq sfpacket_asa --pid-path /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/instance-1 --cs-dir /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/instance-1 -c /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/snort.conf -Z /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/instance-1/now --no-interface-pidfile -l /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/instance-1 -P 9218
LD_LIBRARY_PATH=/var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2
PID File: /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/instance-1/snort.pid
Enable File: /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/snort.conf
764d6da6-f58c-11e5-a673-b2e64f9dd4d2-alert (de) - Running 19926
Command: /usr/local/sf/bin/ids_event_alerter --nodaemon -X /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/ids_event_alerter.pid -c /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/ids_alert.conf
PID File: /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/ids_event_alerter.pid
Enable File: /var/sf/detection_engines/764d6da6-f58c-11e5-a673-b2e64f9dd4d2/ids_alert.conf
root@firepower:~#
root@firepower:~# pmtool status | grep adi
Command: /usr/bin/mysqld --defaults-file=/etc/my.cnf --user=mysql --basedir=/usr --datadir=/var/lib/mysql --pid-file=/var/run/mysql/mysqld.pid --skip-external-locking
adi (normal) - Running 4621
Command: /usr/local/sf/bin/adi
PID File: /var/sf/run/adi.pid
root@firepower:~#
root@firepower:~# pmtool status | grep SFDataCorrelator
SFDataCorrelator (normal) - Running 4792
Command: /usr/local/sf/bin/SFDataCorrelator --nodaemon
PID File: /var/sf/run/SFDataCorrelator.pid
Enable File: /etc/sf/SFDataCorrelator.run
Required by: SFDataCorrelator,expire-session,TSS_Daemon,snapshot_manager,fpcollect,Syncd,Pruner,ActionQueueScrape,sfestreamer,ui_archiver
root@firepower:~#
root@firepower:~# ps -eaf | grep bltd
sfsnort 2721 4585 0 May14 ? 00:02:12 /usr/local/sf/bin/bltd --pid-file=/var/sf/run/bltd.pid
root 22977 21102 0 07:56 pts/1 00:00:00 grep bltd
root@firepower:~#
root@firepower:~# ps -ef | grep idhttpsd
root 4491 4585 0 04:12 ? 00:00:00 /usr/local/sf/idhttpsd/bin/idhttpsd -D FOREGROUND
www 19819 4491 0 07:10 ? 00:00:00 /usr/local/sf/idhttpsd/bin/idhttpsd -D FOREGROUND
www 20553 4491 0 07:19 ? 00:00:00 /usr/local/sf/idhttpsd/bin/idhttpsd -D FOREGROUND
root 22996 21102 0 07:56 pts/1 00:00:00 grep idhttpsd
root@firepower:~#
root@firepower:~# netstat -anp | grep 4455
tcp 0 0 169.254.0.1:4455 0.0.0.0:* LISTEN 4491/idhttpsd
tcp 0 0 169.254.0.1:4455 169.254.5.66:3950 SYN_RECV -
tcp 0 0 169.254.0.1:4455 169.254.5.133:3945 SYN_RECV -
tcp 0 582 169.254.0.1:4455 169.254.3.146:3921 FIN_WAIT1 -
tcp 0 0 fdcc::bd:0:ffff:a9:4455 :::* LISTEN 4491/idhttpsd