
{"connected":[{"socket":6,"local_host":"192.168.1.126","local_port":5201,"remote_host":"192.168.1.2","remote_port":35430}],"version":"iperf 3.7","system_info":"Linux air 5.3.7-arch1-2-ARCH #1 SMP PREEMPT @1572002934 x86_64","sock_bufsize":0,"sndbuf_actual":16384,"rcvbuf_actual":131072,"timestamp":{"time":"Thu, 31 Oct 2019 04:42:39 GMT","timesecs":1572496959},"accepted_connection":{"host":"192.168.1.2","port":35428},"cookie":"2fgcvenjm7mxp6ek7c5v647kbnmwwzmbmivb","tcp_mss_default":0,"test_start":{"protocol":"TCP","num_streams":1,"blksize":131072,"omit":0,"duration":10,"bytes":0,"blocks":0,"reverse":0,"tos":0}}
{"streams":[{"sender":{"socket":6,"start":0,"end":10.010032,"seconds":10.010032,"bytes":0,"bits_per_second":0,"sender":false},"receiver":{"socket":6,"start":0,"end":10.010032,"seconds":10.010032,"bytes":109548440,"bits_per_second":87550920.91613692,"sender":false}}],"sum_sent":{"start":0,"end":10.010032,"seconds":10.010032,"bytes":0,"bits_per_second":0,"sender":false},"sum_received":{"start":0,"end":10.0
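# Filebeat input that tails the iperf result files and decodes each line as JSON.
# Indentation is restored here: the options below belong to the single list
# entry under filebeat.inputs.
filebeat.inputs:
- type: log
  enabled: true
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /logs/iperf_*.json
  encoding: plain
  # Place the decoded JSON keys at the top level of the event.
  # json.overwrite_keys is not set in this snippet, so on a name clash the
  # fields Filebeat adds itself are kept rather than replaced by log content.
  json.keys_under_root: true
  # Add an error key to the event when a line cannot be decoded as JSON, so
  # malformed lines can be found downstream.
  json.add_error_key: true
  # Keep the harvester open after the file has been removed.
  # NOTE(review): the Filebeat documentation says clean_removed must also be
  # disabled when close_removed is disabled; it is not set in the visible part
  # of this config. Confirm against the full file.
  close_removed: false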
{"start":{"connected":[{"socket":6,"local_host":"192.168.1.126","local_port":5201,"remote_host":"192.168.1.2","remote_port":35430}],"version":"iperf 3.7","system_info":"Linux air 5.3.7-arch1-2-ARCH #1 SMP PREEMPT @1572002934 x86_64","sock_bufsize":0,"sndbuf_actual":16384,"rcvbuf_actual":131072,"timestamp":{"time":"Thu, 31 Oct 2019 04:42:39 GMT","timesecs":1572496959},"accepted_connection":{"host":"192.168.1.2","port":35428},"cookie":"2fgcvenjm7mxp6ek7c5v647kbnmwwzmbmivb","tcp_mss_default":0,"test_start":{"protocol":"TCP","num_streams":1,"blksize":131072,"omit":0,"duration":10,"bytes":0,"blocks":0,"reverse":0,"tos":0}},"intervals":[{"streams":[{"socket":6,"start":0,"end":1.000244,"seconds":1.0002440214157104,"bytes":10890408,"bits_per_second":87102009.24439296,"omitted":false,"sender":false}],"sum":{"start":0,"end":1.000244,"seconds":1.0002440214157104,"bytes":10890408,"bits_per_second":87102009.24439296,"omitted":false,"sender":false}},{"streams":[{"socket":6,"start":1.000244,"end":2.000178,"seconds":0.999934
(window["webpackJsonp"]=window["webpackJsonp"]||[]).push([["chunk-vendors"],{"014b":function(t,e,n){"use strict";var r=n("e53d"),o=n("07e3"),i=n("8e60"),a=n("63b6"),s=n("9138"),c=n("ebfd").KEY,u=n("294c"),f=n("dbdb"),l=n("45f2"),p=n("62a0"),d=n("5168"),v=n("ccb9"),h=n("6718"),y=n("47ee"),m=n("9003"),g=n("e4ae"),b=n("f772"),_=n("241e"),w=n("36c3"),x=n("1bc3"),O=n("aebd"),S=n("a159"),C=n("0395"),A=n("bf0b"),k=n("9aa9"),j=n("d9f6"),$=n("c3a1"),E=A.f,T=j.f,P=C.f,N=r.Symbol,L=r.JSON,I=L&&L.stringify,M="prototype",D=d("_hidden"),F=d("toPrimitive"),R={}.propertyIsEnumerable,U=f("symbol-registry"),B=f("symbols"),H=f("op-symbols"),V=Object[M],z="function"==typeof N&&!!k.f,q=r.QObject,W=!q||!q[M]||!q[M].findChild,G=i&&u((function(){return 7!=S(T({},"a",{get:function(){return T(this,"a",{value:7}).a}})).a}))?function(t,e,n){var r=E(V,e);r&&delete V[e],T(t,e,n),r&&t!==V&&T(V,e,r)}:T,K=function(t){var e=B[t]=S(N[M]);return e._k=t,e},J=z&&"symbol"==typeof N.iterator?function(t){return"symbol"==typeof t}:function(t){return
# Redirect (DNAT) rule named 'DMZ': TCP and UDP traffic arriving from the wan
# zone is sent to 192.168.1.2 in the lan zone.
# NOTE(review): this section sets no src_dport/dest_port, so the redirect is
# not limited to particular ports and every service listening on 192.168.1.2
# is reachable from wan. Restrict it to the ports that are actually needed
# where possible.
# NOTE(review): the target is addressed in the lan zone (dest 'lan'), so this
# rule does not separate it from other lan hosts. Confirm that isolation is
# handled elsewhere if a segregated DMZ is intended.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option dest_ip '192.168.1.2'
option name 'DMZ'
config defaults
if "globalprotect" in [Content/Threat Type]{
# Duplicate Description into Description2 so the grok that follows parses the
# copy and the original Description field is left as received.
mutate {
copy => { "Description" => "Description2" }
}
# Split the copied description: the text after "GlobalProtect gateway " is
# intended to be captured up to the first period as GlobalProtect.Action, and
# the remainder after that period and a space is stored in GlobalProtect.
# NOTE(review): the "." directly after the capture group is unescaped, so it
# matches any character and the pattern can backtrack to a shorter action;
# "\." would pin it to a literal period.
grok {
match => { "Description2" => "GlobalProtect gateway (?<GlobalProtect.Action>[^.]*). %{GREEDYDATA:GlobalProtect}" }
}
kv {
target => "GlobalProtect"
trim_key => " "
GlobalProtect gateway user authentication succeeded. Login from: xxx.xxx.xxx, Source region: BR, User name: cyz, Auth type: cookie, Client OS version: Microsoft Windows 10 Enterprise , 64-bit.
GlobalProtect gateway client configuration generated. User name: xyz, Private IP: xxx.xxx.xxx, Client version: 4.0.3-31, Device name: XYZ, Client OS version: Microsoft Windows 10 Enterprise , 64-bit, VPN type: Device Level VPN.
GlobalProtect gateway client configuration released. User name: xyz, Private IP: xxx.xxx.xxx, Client version: 4.0.3-31, Device name: XYZ, Client OS version: Microsoft Windows 10 Enterprise , 64-bit, VPN type: Device Level VPN.
GlobalProtect gateway user logout succeeded. User name: pre-logon, Client OS version: Microsoft Windows 10 Enterprise , 64-bit, Reason: user session expired.
Description | GlobalProtect gateway client switch to SSL tunnel mode succeeded. User name: xuz, Private IP: xxx.xxx.xxx.
GlobalProtect."GlobalProtect gateway client switch to SSL tunnel mode succeeded. User name | xyz
GlobalProtect.2020/03/24 04 |23:36, 23:36
GlobalProtect.Action | client switch to SSL tunnel mode succeeded
GlobalProtect.Private IP| xxx.xxx.xxx.
input {
# Syslog listener on port 5514: received events get type "syslog" and the tag
# "PAN-OS_SysLog", and America/Sao_Paulo is the time zone used for date parsing.
# NOTE(review): no transport encryption or sender authentication is configured
# on this listener, so any host that can reach port 5514 can submit events
# that carry this tag. Limit which sources can reach the port at the network
# layer. Confirm against the deployment.
syslog {
timezone => "America/Sao_Paulo"
port => "5514"
type => "syslog"
tags => [ "PAN-OS_SysLog" ]
}
beats {
port => "5044"
tmp_field2."GlobalProtect gateway user authentication succeeded. Login from
xxx.xxx
tmp_field2.2020/03/24 05
29:03, 29:03
tmp_field2.Auth type
cookie
tmp_field2.Client OS version
Microsoft Windows 10 Enterprise
tmp_field2.Source region
BR