lennartkoopmann

packetbeat.interfaces.device: any
packetbeat.protocols.dns:
  ports: [53]
  include_authorities: true
  include_additionals: true
name: tap
output.logstash:
  hosts: ["graylog.example.org:12200"]

lennartkoopmann

[lennart@sundaysister ~ ]$ tar -cf test.tar Downloads/
load: 2.21  cmd: bsdtar 21161 running 0.00u 0.35s
In: 80 files, 62984192 bytes; Out: 62976000 bytes, compression 0%
Current: Downloads/DockerToolbox-1.11.0.pkg (48627712/188520546 bytes)

lennartkoopmann

PUTVAL "temperatures/case_internal" interval=60 N:100.4

---

temperatures case_internal:GAUGE:U:U

lennartkoopmann

rule "Extract Snort alert fields"
when
  has_field("message")
then
  let m = regex("^\\s?\\[(\\d+):(\\d+):(\\d+)\\] (.+?) \\[Classification: (.+?)\\] \\[Priority: (\\d+)] \\{(.+?)\\} (\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}):(\\d{1,5}) -> (\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}):(\\d{1,5})\\R?", to_string($message.message));
  
  set_field("snort_alert", true);
  
  set_field("generator_id", m["0"]);
  set_field("signature_id", m["1"]);

lennartkoopmann

Time: 07/17-15:44:51.136436 
event_ref: 0
192.168.1.4 -> 192.168.1.24 (portscan) TCP Portscan
Priority Count: 9
Connection Count: 10
IP Count: 1
Scanner IP Range: 192.168.1.4:192.168.1.4
Port/Proto Count: 10
Port/Proto Range: 23:8888

lennartkoopmann

# Run complete. Total time: 00:05:07

Benchmark                                 Mode  Cnt  Score   Error  Units
LazyQuantifierBenchmark.greedyMatchEarly  avgt   50  2.432 ± 0.053  us/op
LazyQuantifierBenchmark.greedyMatchLate   avgt   50  0.788 ± 0.045  us/op
LazyQuantifierBenchmark.lazyMatchEarly    avgt   50  0.623 ± 0.003  us/op
LazyQuantifierBenchmark.lazyMatchLate     avgt   50  2.281 ± 0.154  us/op

lennartkoopmann

Input strings:

"early":
  at=info status=302 method=GET path="/repo/debian/dists/trusty/1.2/binary-amd64/Packages.gz" host=packages.graylog2.org request_id=f9de9767-2aa1-4e64-8d82-36f8ace006e1 fwd="54.215.46.35" dyno=web.1 connect=0ms service=1ms bytes=287

"late":
  at=info method=GET path="/repo/debian/dists/trusty/1.2/binary-amd64/Packages.gz" host=packages.graylog2.org request_id=f9de9767-2aa1-4e64-8d82-36f8ace006e1 fwd="54.215.46.35" dyno=web.1 connect=0ms service=1ms status=302 bytes=287
  
Regular expressions:

lennartkoopmann

Regular expression: (a+)+Z

"unexpectedInput1": aaaaaaaaaaaaaaaaaaaaaa
"unexpectedInput2": aaaaaaaaaaaaaaaaaaaaaaa
"expectedInput":    aaaaaaaaaaaaaaaaaaaaaaaZ

lennartkoopmann

# Run complete. Total time: 00:02:35

Benchmark                                  Mode  Cnt       Score       Error  Units
UnexpectedInputBenchmark.expectedInput     avgt   50       0.186 ±     0.034  us/op
UnexpectedInputBenchmark.unexpectedInput1  avgt   50  246381.032 ± 23649.682  us/op
UnexpectedInputBenchmark.unexpectedInput2  avgt   50  453904.349 ± 23412.333  us/op

lennartkoopmann

@State(Scope.Benchmark)
@BenchmarkMode(Mode.AverageTime)
@OutputTimeUnit(TimeUnit.MICROSECONDS)
public class DateRegexBenchmark {

    private static final String MESSAGE = "2015-12-15T07:36:25+00:00 sundaysister kernel[0]: **** [IOBluetoothHostControllerUSBTransport][ClearFeatureInterruptEndpointHalt] -- successfully posting another read for the mInt0InterruptPipe -- mInterruptPipeInOutstandingIOCount = 1 -- this = 0xb800";

    private static Pattern VERY_DESCRIPTIVE;
    private static Pattern DESCRIPTIVE;
    private static Pattern OPEN;