Robin Kearney rk295
rk295
/ gist:6fb03c65b49273548212
Last active
June 9, 2021 11:45
Fortigate Firewall Logstash Grok filter
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| syslog { | |
| type => "fortigate" | |
| port => 5001 | |
| } | |
| } | |
| filter { | |
| if [type] == "fortigate" { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR} %{NUMBER:xferTime} %{IP:remoteHost} %{NUMBER:fileSize} %{PATH:fileName} %{WORD:transferType} %{WORD: specialActionFlag} %{WORD:direction} %{WORD:accessmode} %{WORD:username} %{WORD:serviceName} %{WORD:authenticationMethod} %{DATA:aut} %{WORD:completionStatus} | |
| https://grokdebug.herokuapp.com/ | |
| Fri Aug 29 16:53:15 2014 4 173.220.95.58 873550 /u01/clients/globeph/source/live-feed/140828_Ariana_Grande-JBB/IMG_7240.jpg b _ i r globeph ftp 0 * c |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| file { | |
| path => "/var/log/xferlog" | |
| type => "xferlog" | |
| add_field => { "program" => "proftpd" } | |
| } | |
| } | |
| filter { | |
| if [type] == "xferlog" { |
rk295
/ proftpd mod_shaper bug?
Last active
August 29, 2015 14:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| % lsof -p 11508 | grep shaper | |
| proftpd 11508 nobody mem REG 253,0 77410 1402491 /usr/libexec/proftpd/mod_shaper.so | |
| proftpd 11508 nobody 4w REG 253,0 4163 1402473 /var/log/ftpd/shaper.log | |
| proftpd 11508 nobody 5u REG 253,0 120 1402472 /var/log/ftpd/shaper.tab | |
| % cd /var/log/ftpd | |
| % mv shaper.log shaper.log.old | |
| % touch shaper.log | |
| % cat /var/run/proftpd.pid | |
| 11508 | |
| % kill -HUP 11508 |
rk295
/ gist:8438415
Created
January 15, 2014 15:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "data": [ | |
| #timezone local# | |
| #raw# | |
| #jump -300# | |
| #loop 100# | |
| { | |
| "#idx "%m/%d/%Y %H:%M"#": { | |
| "TempOut": #temp_out "%.1f"#, | |
| "FeelsLike": #calc "apparent_temp(data['temp_out'], data['hum_out'], data['wind_ave'])" "%.1f"#, |
NewerOlder