Howard-Chang
/ To_Ben
Last active
August 26, 2017 02:49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "DSRTCLib.h" | |
| DS1339 RTC = DS1339(); | |
| void setup() { | |
| SerialMonitorInterface.begin(9600); | |
| while (!SerialMonitorInterface); | |
| long readtime[]={5}; | |
| EEPROMread(DataReadAddress,(uint8_t*)readtime,4);//I read time from EEPROM, just for debug.this line could be delete | |
| Serial.println(readtime[0]); //print time |
Howard-Chang
/ gist:60b7e24f8d2d331a1960e125796c1f4a
Created
September 23, 2017 03:40
Log_Restful API
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 版本(1) | |
| GET /logstash-*/_search //指定某段時間內有msg欄位且內容符合"anomaly: udp_src_session,......"的log並回傳其"srcip","msg","time"資訊 | |
| { | |
| "_source": { | |
| "includes": [ "srcip", "msg","time"] | |
| }, | |
| "query":{ | |
| "bool": { | |
| "must":[ | |
| { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*丟到notepad++ 程式語言選擇C或C#會比較好看*/ | |
| logstash過濾: | |
| input { | |
| udp { | |
| port => 514 | |
| }} | |
| /*Input plugin: 輸入資料的來源端 它有特定的輸入套件(plugin) | |
| 以這個例子來說,我指定udp port:514為輸入來源端 | |
| 另外也可以指定手動輸入或是讀取logfile等等 | |
| 如果要手動輸入的話config就要這樣設定: |
Howard-Chang
/ gist:bce9781e6b2966d83b85985156dab314
Last active
October 23, 2017 08:11
ntopng_Restful(1)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (1)由Source IP查詢 | |
| GET _search | |
| { | |
| "_source": { //指定要回傳的連線時間、離線時間、destination IP、封包流量、L7_PROTO_NAME ex:HTTP、Facebook、SSL.Amazon、NTP.Apple...也有可能是unknow | |
| "includes": [ "FIRST_SWITCHED", "LAST_SWITCHED","IPV4_DST_ADDR","IPV4_SRC_ADDR","L7_PROTO_NAME","IN_BYTES","IN_PKTS","OUT_BYTES","OUT_PKTS"] | |
| }, | |
| "from" : 0, "size" : 1000, //要回傳的資料筆數,上限是1000 這邊可以自己調整 | |
| "query": { | |
| "bool": { | |
| "must": [ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *一次查詢多個index,此方式亦可避免換日產生的問題 | |
| example: | |
| GET _search | |
| { | |
| "size" : 0, | |
| "query": { | |
| "bool": { | |
| "should": [ | |
| { | |
| "term":{"IPV4_SRC_ADDR":"192.168.0.159"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT /_template/logstash | |
| { | |
| "template": "logstash-*", | |
| "order": 1, | |
| "settings": { | |
| "index": { | |
| "refresh_interval": "5s" | |
| } | |
| }, | |
| "mappings": { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ntopng /c -i "tcp://127.0.0.1:5556" --prefs-dir "C:\Program Files\ntopng\runtimetemp" -F "mysql;localhost;ntopng;flows;root;" | |
| nprobe /c -n 127.0.0.1:5556 --zmq tcp://127.0.0.1:2055 | |
| ntopng /c -F "es;ntopng;ntopng-%Y.%m.%d;http://192.168.0.159:9200/_bulk;" //ELK 原本是localhost | |
| ES版本: | |
| /* | |
| ntopng /c -i "tcp://127.0.0.1:2055" --local-networks "192.168.0.0/16" -F "es;ntopng;ntopng-%Y.%m.%d;http://192.168.0.159:9200/_bulk"; | |
| nprobe /c --collector-port 5556 --zmq tcp://127.0.0.1:2055 | |
| */ | |
| Mysql版本: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 輔大 syslog.conf: | |
| input { | |
| udp { | |
| port => 514 | |
| type => syslog | |
| } | |
| stdin{ | |
| type => stdin | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ntopng /c -i "tcp://127.0.0.1:5556" --prefs-dir "C:\Program Files\ntopng\runtimetemp" -F "mysql;localhost;ntopng;flows;root;" | |
| nprobe /c -n 127.0.0.1:5556 --zmq tcp://127.0.0.1:2055 | |
| ntopng /c -F "es;ntopng;ntopng-%Y.%m.%d;http://192.168.0.159:9200/_bulk;" //ELK 原本是localhost | |
| ES版本: | |
| /* | |
| ntopng /c -i "tcp://127.0.0.1:2055" --local-networks "192.168.0.0/16" -F "es;ntopng;ntopng-%Y.%m.%d;http://192.168.0.159:9200/_bulk"; | |
| nprobe /c --collector-port 5556 --zmq tcp://127.0.0.1:2055 | |
| */ | |
| Mysql版本: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *原先用last_switched來過濾時間改成用@timestamp來過濾 | |
| 1.上傳下載流量: | |
| GET /_search | |
| { | |
| "size" : 0, | |
| "query": { | |
| "bool": { | |
| "should": [ | |
| { |
OlderNewer