@imweijh
imweijh / logstash-tcp-flags-dictionary
Created February 21, 2017 02:10 — forked from whiskeyalpharomeo/logstash-tcp-flags-dictionary
Logstash TCP Flags YAML Dictionary
"0x00": NULL
"0x01": FIN
"0x02": SYN
"0x03": FIN-SYN
"0x08": PSH
"0x09": FIN-PSH
"0x0A": SYN-PSH
"0x0B": FIN-SYN-PSH
"0x10": ACK
"0x11": FIN-ACK
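Added example, not part of the gist above: the dictionary is one instance of a general rule (name each set bit, low bit first, join with "-", 0x00 is NULL). The Python below applies that rule to any flags byte, regenerates the full 256-entry YAML table for a Logstash translate filter, and labels the flag combinations that port scanners send deliberately. The scan signature table and the log-field parser are illustrative assumptions, not from the gist.

```python
"""Decode TCP flag bytes into the hyphenated names used by the YAML
dictionary above, generate the complete table for a Logstash
`translate` filter, and label flag combinations typical of port scans."""

# Flag bits of the TCP header, lowest bit first (RFC 793; ECE/CWR from RFC 3168).
TCP_FLAG_BITS = (
    (0x01, "FIN"),
    (0x02, "SYN"),
    (0x04, "RST"),
    (0x08, "PSH"),
    (0x10, "ACK"),
    (0x20, "URG"),
    (0x40, "ECE"),
    (0x80, "CWR"),
)


def decode_tcp_flags(value):
    """Return the dictionary-style name for one flags byte.

    0x00 -> "NULL"; otherwise the set bits joined with '-' in ascending bit
    order, which reproduces the entries above (0x03 -> FIN-SYN, 0x0B -> FIN-SYN-PSH).
    """
    if not 0 <= value <= 0xFF:
        raise ValueError("TCP flags are a single byte: %r" % (value,))
    if value == 0:
        return "NULL"
    return "-".join(name for bit, name in TCP_FLAG_BITS if value & bit)


def tcp_flags_yaml():
    """Render all 256 entries in the page's `"0xNN": NAME` YAML form."""
    return "\n".join('"0x%02X": %s' % (v, decode_tcp_flags(v)) for v in range(256))


# Combinations a normal TCP stack does not send but Nmap-style scans do.
# Constructed mapping for illustration, keyed by the raw flags byte.
SCAN_SIGNATURES = {
    0x00: "NULL scan",          # no flags at all
    0x01: "FIN scan",           # lone FIN without ACK
    0x29: "Xmas scan",          # FIN+PSH+URG
    0x03: "SYN-FIN (invalid)",  # SYN and FIN together
}


def scan_signature(value):
    """Name the scan type for a flags byte, or None for ordinary traffic."""
    return SCAN_SIGNATURES.get(value)


def parse_flags_field(text):
    """Parse a flags field as it appears in logs: "0x1A" hex or "26" decimal."""
    text = text.strip()
    return int(text, 16) if text.lower().startswith("0x") else int(text, 10)
```

Generating the table instead of typing it avoids the gaps and typos a hand-written dictionary accumulates; the translate filter then needs only `dictionary_path` pointing at the rendered file.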
@imweijh
imweijh / curator_windows_executable.md
Created March 7, 2017 01:13 — forked from untergeek/curator_windows_executable.md
Build a Windows binary for Curator with Nuitka

Curator Binary Creation (Windows Edition)

Prerequisites

Please install in this order.

Install Python

  • Download 2.7.9 (64-bit)
  • Install with these options:
    • Install for all users
    • Customize Python 2.7.9:
      • Select Add python.exe to Path
@imweijh
imweijh / sshtunnel.go
Created March 28, 2017 10:57 — forked from iamralch/sshtunnel.go
SSH tunnelling in Golang
package main
import (
"log"
"bufio"
"time"
"os"
"fmt"
"io"
"net"
@imweijh
imweijh / gist:c917ad22957efe6a93eaacc763242ce7
Created April 12, 2017 08:29 — forked from rmoff/gist:0b7866b7e17059920a9ab1a80ea18eb4
Metricbeat / Timelion / Kibana anomaly detection expression
$thres=0.02, .es(index='metricbeat*',metric='max:system.cpu.user.pct').lines(1).if(eq, 0, null).holt(0.9, 0.1, 0.9, 0.5h).color(#eee).lines(10).label('Prediction'), .es(index='metricbeat*',metric='max:system.cpu.user.pct').color(#666).lines(1).label(Actual), .es(index='metricbeat*',metric='max:system.cpu.user.pct').lines(1).if(eq, 0, null).holt(0.9, 0.1, 0.9, 0.5h).subtract(.es(index='metricbeat*',metric='max:system.cpu.user.pct')).abs().if(lt, $thres, null, .es(index='metricbeat*',metric='max:system.cpu.user.pct')).points(10,3,0).color(#c66).label('Anomaly').title('max:system.cpu.user.pct / @rmoff')
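Added example, not from the gist or from rmoff: the same anomaly logic as the Timelion expression, written out in Python so the steps are visible. Assumptions: Timelion's holt(alpha, beta, gamma, season) is Holt-Winters with a seasonal term; this uses Holt's linear (double exponential) smoothing with only alpha=0.9 and beta=0.1, since the constructed sample series has no seasonal cycle. The CPU series is constructed.

```python
"""One-step-ahead Holt forecast with a deviation threshold, the logic
behind the Timelion anomaly expression above, as plain Python.

Simplification (assumption): Holt's linear smoothing (alpha, beta only),
not the seasonal Holt-Winters that Timelion's holt() implements."""

# Constructed sample of system.cpu.user.pct (0..1), one point per interval:
# a flat baseline, one zero from a missed collection at index 6, and a spike at 12.
SAMPLE_CPU_PCT = [0.10] * 6 + [0.0] + [0.10] * 5 + [0.45] + [0.10] * 3


def nullify_zeros(series):
    """Mirror `.if(eq, 0, null)`: a zero reading is a collection gap, not load."""
    return [None if x == 0 else x for x in series]


def holt_forecast(series, alpha=0.9, beta=0.1):
    """One-step-ahead forecasts from Holt's linear smoothing.

    Returns a list aligned with `series`; entries are None until a level and
    trend exist (the first two observations) and wherever the input is None.
    """
    forecasts = [None] * len(series)
    level = trend = None
    for i, x in enumerate(series):
        if x is None:
            continue                      # skip nulls, keep the smoothing state
        if level is None:
            level = x                     # first observation sets the level
            continue
        if trend is None:
            trend = x - level             # second observation sets the trend
            level = x
            continue
        forecasts[i] = level + trend      # forecast made before seeing x
        new_level = alpha * x + (1 - alpha) * (level + trend)
        trend = beta * (new_level - level) + (1 - beta) * trend
        level = new_level
    return forecasts


def flag_anomalies(series, thres=0.02, alpha=0.9, beta=0.1):
    """Indices where |forecast - actual| >= thres, mirroring
    `.subtract(actual).abs().if(lt, $thres, null, actual)`."""
    clean = nullify_zeros(series)
    forecasts = holt_forecast(clean, alpha, beta)
    return [i for i, (x, f) in enumerate(zip(clean, forecasts))
            if x is not None and f is not None and abs(f - x) >= thres]
```

On the sample series the spike at index 12 is flagged, but so are the two points after it: with alpha=0.9 the level jumps toward the spike and the forecast lags for a couple of intervals, which is the same tail of red points the Timelion chart draws after a burst. Tuning alpha down or adding a persistence requirement (N consecutive flagged points) is how that tail is usually handled.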
AUDIT type=%{WORD:audit_type} msg=audit\(%{NUMBER:audit_epoch}:%{NUMBER:audit_counter}\): user pid=%{NUMBER:audit_pid} uid=%{NUMBER:audit_uid} auid=%{NUMBER:audit_auid} subj=%{NOTSPACE:audit_subject} msg=%{GREEDYDATA:audit_message}
AUDITLOGIN type=%{WORD:audit_type} msg=audit\(%{NUMBER:audit_epoch}:%{NUMBER:audit_counter}\): login pid=%{NUMBER:audit_pid} uid=%{NUMBER:audit_uid} old auid=%{NUMBER:old_auid} new auid=%{NUMBER:new_auid} old ses=%{NUMBER:old_ses} new ses=%{NUMBER:new_ses}
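Added example, not part of the gist: the two grok patterns above run against constructed audit.log lines, by expanding the grok macros into Python regular expressions. It uses NOTSPACE for subj= because an SELinux context (user:role:type:level) contains colons and dots, which WORD (\b\w+\b) stops at; the AUDIT_WORD_SUBJ variant shows that failure. Assumptions: only the four grok patterns the lines use are defined, NUMBER is simplified (Logstash's BASE10NUM relies on an atomic group that Python's re lacks), the sample lines and the failed-root-auth rule are constructed.

```python
"""Apply the AUDIT and AUDITLOGIN grok patterns above to audit.log lines
by expanding grok macros into Python regular expressions."""
import re

# Subset of Logstash's grok-patterns file (NUMBER simplified; assumption).
GROK_PATTERNS = {
    "WORD": r"\b\w+\b",
    "NOTSPACE": r"\S+",
    "NUMBER": r"[+-]?(?:[0-9]+(?:\.[0-9]+)?)",
    "GREEDYDATA": r".*",
}

_GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(pattern):
    """Expand %{NAME:field} into (?P<field>...) and %{NAME} into (?:...)."""
    def expand(m):
        base = GROK_PATTERNS[m.group(1)]
        field = m.group(2)
        return "(?P<%s>%s)" % (field, base) if field else "(?:%s)" % base
    return re.compile(_GROK_REF.sub(expand, pattern))


AUDIT = (r"type=%{WORD:audit_type} msg=audit\(%{NUMBER:audit_epoch}:%{NUMBER:audit_counter}\): "
         r"user pid=%{NUMBER:audit_pid} uid=%{NUMBER:audit_uid} auid=%{NUMBER:audit_auid} "
         r"subj=%{NOTSPACE:audit_subject} msg=%{GREEDYDATA:audit_message}")
AUDITLOGIN = (r"type=%{WORD:audit_type} msg=audit\(%{NUMBER:audit_epoch}:%{NUMBER:audit_counter}\): "
              r"login pid=%{NUMBER:audit_pid} uid=%{NUMBER:audit_uid} old auid=%{NUMBER:old_auid} "
              r"new auid=%{NUMBER:new_auid} old ses=%{NUMBER:old_ses} new ses=%{NUMBER:new_ses}")

# Same as AUDIT but with WORD for subj=, to show why it breaks on SELinux contexts.
AUDIT_WORD_SUBJ = AUDIT.replace("%{NOTSPACE:audit_subject}", "%{WORD:audit_subject}")


def parse_audit(line, grok_pattern):
    """Return the captured fields as a dict, or None when the line does not match."""
    m = grok_to_regex(grok_pattern).match(line)
    return m.groupdict() if m else None


# Constructed sample lines in the older "user pid=" / "login pid=" layout the patterns expect.
USER_AUTH_LINE = ("type=USER_AUTH msg=audit(1487641800.123:4567): user pid=1234 uid=0 auid=1000 "
                  "subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 "
                  "msg='op=PAM:authentication acct=\"root\" exe=\"/usr/bin/sudo\" "
                  "hostname=? addr=? terminal=/dev/pts/0 res=failed'")
LOGIN_LINE = ("type=LOGIN msg=audit(1487641800.456:4568): login pid=1234 uid=0 "
              "old auid=4294967295 new auid=1000 old ses=4294967295 new ses=7")


def failed_root_auth(line):
    """Constructed detection rule: a failed PAM authentication for acct="root"."""
    fields = parse_audit(line, AUDIT)
    if not fields or fields["audit_type"] != "USER_AUTH":
        return False
    msg = fields["audit_message"]
    return 'acct="root"' in msg and "res=failed" in msg
```

A grok pattern that does not match is silent in Logstash apart from the `_grokparsefailure` tag, so lines with a full SELinux context would simply disappear from the parsed fields; running the pattern over a handful of real lines like this before deploying it is the cheap check.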
input {
generator {
count => 1
lines => [
"qid=ABCD1 first",
"qid=XYZ2 first",
"qid=ABCD1 second",
"qid=XYZ2 second",
"qid=ZZZZ first",
"qid=ABCD1 third"
@imweijh
imweijh / rsyslog.sh
Created August 2, 2017 06:41 — forked from baskaran-md/rsyslog.sh
Install/Update Rsyslog - CentOs
yum install -y wget
# Third-party (Adiscon) repo definition fetched over plain HTTP: read the file before installing it.
wget http://rpms.adiscon.com/v8-stable/rsyslog.repo
mv rsyslog.repo /etc/yum.repos.d/rsyslog.repo
yum info rsyslog --skip-broken
yum install -y rsyslog
rsyslogd -version
@imweijh
imweijh / authorize.lua
Created August 15, 2017 01:51 — forked from philwinder/authorize.lua
IVZ: Nginx config for using Lua as the authentication module. You must install nginx with lua support. See "openresty" for linux distros or the vagrant bootstrap shell script.
--[[
Provides custom authorization for nginx.
See the `nginx_authorize_by_lua.conf` for the Nginx config. This lua file is referenced in the config
See testWebserverAccess.sh for unit tests.
To Run nginx (make sure you have the lua, config and htpasswd file):
$ /usr/local/openresty/nginx/sbin/nginx -c /etc/nginx/conf/nginx_authorize_by_lua.conf
Logs are available at: /usr/local/openresty/nginx/logs/lua.log
To write to the log:
@imweijh
imweijh / metrics-template.json
Created December 18, 2017 03:19 — forked from tegud/metrics-template.json
Template for using Elasticsearch as a Time Series Database
{
"metrics" : {
"order" : 0,
"template" : "metrics-*",
"settings" : {
"index" : {
"refresh_interval" : "5s"
}
},
"mappings" : {
@imweijh
imweijh / build.sh
Created January 16, 2018 00:56 — forked from dzlab/build.sh
Configure NGINX to log HTTP POST request's body
#!/bin/bash
echo "Building NGINX along with Echo module"
# install prerequisites
yum -y install gcc gcc-c++ make zlib-devel pcre-devel openssl-devel
# download the Echo module (pinned to v0.58; compare the archive against a known checksum before building)
curl -L -O 'https://github.com/openresty/echo-nginx-module/archive/v0.58.tar.gz'
tar -xzvf v0.58.tar.gz && rm v0.58.tar.gz
mv echo-nginx-module-0.58 /tmp/echo-nginx-module