Larry Smith Jr. mrlesmithjr

Delivery Manager. Ansible, Kubernetes, Python, and agentic tooling. Automating things that shouldn't be manual. Open source contributor and mentor.

mrlesmithjr / gist:4b33e2e17fc85df8bffe

Created July 23, 2014 18:55

mrlesmithjr / gist:381536d13f86dcb89d3f

Created September 5, 2014 22:57

	[INFO ] salt-cloud starting
	[WARNING ] Failed to import cloud vsphere, this is due most likely to a syntax error. Traceback raised:
	Traceback (most recent call last):
	File "/usr/lib/pymodules/python2.7/salt/loader.py", line 707, in gen_functions
	), fn_, path, desc
	File "/usr/lib/pymodules/python2.7/salt/cloud/clouds/vsphere.py", line 5
	<!DOCTYPE html>
	^
	SyntaxError: invalid syntax
	[WARNING ] The cloud driver, 'vsphere', configured under the 'my-vsphere-vcsa' cloud provider alias was not loaded since 'vsphere.get_configured_provider()' could not be found. Removing it from the available providers list

mrlesmithjr / iptables_cluster.sh

Last active November 11, 2015 05:31

	#!/bin/bash
	# check for iptables-persistent package and install if not already installed
	script_name="iptablesrules.sh"
	# change user to the account you wish to use on the remote nodes
	user="root"

	tee $script_name <<EOF
	if apt-get -qq install iptables-persistent; then
	echo "Successfully detected iptables-persistent"
	else

mrlesmithjr / bro-ids_logstash.conf

Last active January 19, 2022 07:34

	# Bro-IDS Logstash parser
	# Parts of this taken from http://www.appliednsm.com/wp-content/uploads/logstash-SObro22-parse.conf_.txt

	#Logs being parsed:
	#app_stats.log
	#conn.log
	#dns.log
	#dpd.log
	#files.log
	#http.log

mrlesmithjr / logstash_NSX_firewall

Last active February 21, 2020 22:53

	filter {
	if "syslog" in [tags] {
	grok {
	match => [
	"message", "<%{POSINT}>%{SYSLOGTIMESTAMP} %{SYSLOGHOST:syslog_host_id} %{GREEDYDATA}"
	]
	}
	if [syslog_host_id] =~ /.?(nsvpx).?(everythingshouldbevirtual.local)?/ {
	mutate {
	add_tag => [ "Netscaler" ]

mrlesmithjr / pfsense_snort_logstash

Last active August 29, 2015 14:08

	# Setting up PFsense Firewall parsing
	filter {
	if "PFSense" in [tags] {
	mutate {
	add_tag => [ "firewall" ]
	}
	grok {
	match => [
	"message", "<%{POSINT:syslog_pri}>%{SYSLOGBASE} %{NOTSPACE} %{GREEDYDATA:pfsense_message}",
	"message", "<%{POSINT:syslog_pri}>%{SYSLOGBASE} %{GREEDYDATA:pfsense_message}"

mrlesmithjr / logstash_cisco_asa

Created December 12, 2014 02:55

Logstash parsing for Cisco ASA

	# Cisco ASA
	filter {
	if "syslog" in [tags] and "pre-processed" not in [tags] {
	if "%ASA-" in [message] {
	mutate {
	add_tag => [ "pre-processed", "Firewall", "ASA" ]
	}
	grok {
	match => [
	"message", "<%{POSINT:syslog_pri}>%{CISCOTIMESTAMP:timestamp} %{SYSLOGHOST:sysloghost} %%{CISCOTAG:cisco_tag}: %{GREEDYDATA:cisco_message}"

mrlesmithjr / haproxy-mysqlchk

Last active September 19, 2020 09:30

mrlesmithjr / logstash-ASA-Dashboard

Created February 10, 2015 15:23

mrlesmithjr / gist:25c1d919a27551cfead3

Created March 6, 2015 16:50

	"orig_message", "snort\[%{INT:snort_pid}\]\:.\[%{INT:ids_gid}\:%{INT:ids_sid}\:%{INT:ids_rev}\].%{GREEDYDATA:ids_alert}.\[Classification\: %{DATA:ids_classification}\].\[Priority\: %{INT:ids_priority}].{%{WORD:ids_proto}}.%{IP:src_ip}:%{INT:src_port} \-\>.*%{IP:dst_ip}:%{INT:dst_port}",
	"orig_message", "snort\[%{INT:snort_pid}\]\:.\[%{INT:ids_gid}\:%{INT:ids_sid}\:%{INT:ids_rev}\].%{GREEDYDATA:ids_alert}.\[Classification\: %{DATA:ids_classification}\].\[Priority\: %{INT:ids_priority}].\{PROTO:%{WORD:ids_proto}.%{IP:src_ip} \-\>.*%{IP:dst_ip}"