There are so many ways to send logs to an ELK stack... logspout, filebeat, journalbeat, etc.
But Docker has a GELF log driver and Logstash a GELF input. So here we are.
Here is a docker-compose to test a full ELK stack with a container sending logs via GELF.
#!/bin/bash
# Usage check: the script needs at least a target device/file and an output directory.
if [ $# -lt 2 ]; then
  echo "usage: $0 dev output_dir [iodepth]"
  echo "example 1: Testing the whole block device. Attention: this will destroy the filesystem on the target block device"
  echo "./run_fio.sh /dev/sdb fio_test"
  echo ""
  echo "example 2: Testing a file without destroying the filesystem. Suppose the target device is mounted on /data"
  echo "fallocate -l 1G /data/test.dat"
  echo "./run_fio.sh /data/test.dat fio_test"
  exit 1
fi
HaCi http://haci.larsux.de/ - 2015-03
GestioIP https://www.gestioip.net/ - 2016-02
#
# INPUT - Logstash listens on port 8514 for these logs.
#
input {
  udp {
    port => "8514"
    type => "syslog-cisco"
  }
}
This page updated: 2016-12-10 21:40
Google Chrome Portable
reference:
Download Google Chrome Portable
http://portableapps.com/apps/internet/google_chrome_portable
Google Chrome (for Windows)
Enhanced NGINX logstash parser:
NGINX log format:
log_format enhanced '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent $request_length "$http_referer" "$http_user_agent" $request_time $upstream_response_time';
access_log /var/log/nginx/access.log enhanced;
error_log /var/log/nginx/error.log;
logstash pattern (/opt/logstash/pattern/nginx):
#     ___             ___ __  __
#    /   | __  ______/ (_) /_/ /
#   / /| |/ / / / __  / / __/ __ /
#  / ___ / /_/ / /_/ / / /_/ /_/ /
# /_/  |_\__,_/\__,_/_/\__/\__,_/
#
# Linux Audit Daemon - Best Practice Configuration
# /etc/audit/audit.rules
#
# Compiled by Florian Roth
wordlist created from original 41G stash via:
grep -rohP '(?<=:).*$' | uniq > breachcompilation.txt
Then, compressed with:
7z a breachcompilation.txt.7z breachcompilation.txt
Size:
L1 cache reference ......................... 0.5 ns
Branch mispredict ............................ 5 ns
L2 cache reference ........................... 7 ns
Mutex lock/unlock ........................... 25 ns
Main memory reference ...................... 100 ns
Compress 1K bytes with Zippy ............. 3,000 ns = 3 µs
Send 2K bytes over 1 Gbps network ....... 20,000 ns = 20 µs
SSD random read ........................ 150,000 ns = 150 µs
Read 1 MB sequentially from memory ..... 250,000 ns = 250 µs