iamhowardtheduck

#!/bin/bash
set -e

# Install build tools and a new GCC
sudo apt-get update
sudo apt-get install -y build-essential pkg-config libssl-dev gcc-12 g++-12

# Set gcc-12 as default
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 100
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-12 100

iamhowardtheduck

filebeat.inputs:

# TOR NODE ACTIVITY INPUT
- type: httpjson
  interval: 60m
  index: logs-ti_tor.node_activity
  pipeline: "logs-ti_tor.node_activity"  
  request.url: https://onionoo.torproject.org/details?fields=exit_addresses,nickname,fingerprint,running,as_name,verified_host_names,unverified_host_names,or_addresses,last_seen,last_changed_address_or_port,first_seen,hibernating,last_restarted,bandwidth_rate,bandwidth_burst,observed_bandwidth,flags,version,version_status,advertised_bandwidth,platform,recommended_version,contact  
  response.split:
    target: body.relays

iamhowardtheduck

- decode_json_fields:
    fields: ["message"]
    target: ""
    overwrite_keys: true
- rename:
    fields:
      - from: "advertised_bandwidth"
        to: "tor.bandwidth.advertised"
    ignore_missing: true
- rename:

iamhowardtheduck

PUT _index_template/logs-ti_tor.node_activity
{
  "priority": 200,
  "template": {
    "settings": {
      "index": {
        "mode": "logsdb",
        "number_of_replicas": "1",
        "default_pipeline": "logs-ti_tor.node_activity"
      }

iamhowardtheduck

PUT _ingest/pipeline/logs-ti_tor.node_activity
{
  "description": "Pipeline for parsing TOR node activity. Requires the geoip plugin.",
  "processors": [
    {
      "geoip": {
        "ignore_failure": true,
        "field": "tor.exit.ip",
        "target_field": "tor.exit.geo"
      }

iamhowardtheduck

# First create your ingest pipeline to parse the data in DevTools:

PUT _ingest/pipeline/logs-ti_tor.node_activity
{
  "description": "Pipeline for parsing TOR node activity. Requires the geoip plugin.",
  "processors": [
    {
      "geoip": {
        "ignore_failure": true,
        "field": "tor.exit.ip",

iamhowardtheduck

clear
echo -e "\n\n\n\n\n\n\n"
if [[ $EUID -eq 0 ]]; then
  echo "This script must NOT be run as \"root\" OR as \"sudo $USER\"; please try again." 1>&2
  exit 1
fi
#
# BEGIN WELCOME SCREEN & INITIAL UPDATING
#
clear

iamhowardtheduck

PUT _index_template/elastic-cloud-logs-8
{
  "version": 1,
  "priority": 1000,
  "template": {
    "settings": {
      "index": {
        "lifecycle": {
          "name": "elastic-cloud-logs",
          "rollover_alias": "elastic-cloud-logs-8"

iamhowardtheduck

clear
echo -e "\n\n\n\n\n\n\n"
if [[ $EUID -eq 0 ]]; then
  echo "This script must NOT be run as \"root\" OR as \"sudo $USER\"; please try again." 1>&2
  exit 1
fi
sudo apt update -y
sudo apt install dialog git -y
#
# BEGIN WELCOME SCREEN & INITIAL UPDATING

iamhowardtheduck

# Comprises of the following and to be installed in this order:
# - Index template for field mapping
# - DevTool command for index creation
# - Ingest pipelines for conditional parsing (1 main and 16 conditional)
# - Logstash pipeline to query Home-Assistant states via an API; use this link to obtain your authorization from your Home-Assistant instance:
# -- https://developers.home-assistant.io/docs/api/rest/ --
# - A lot of blood, sweat, and tears (not really, this was fun!) ☺


### INDEX TEMPLATE ### (updated: 20220928)