11/3に行うRAMにて実施するTutorialです.
全体の流れは以下に示すとおりです.
- Dockerを使ってElasticsearch
- Dockerを使ってMoloch
- Molochでpcapを解析
- 解析結果を眺める
shunkin shunkino
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict' | |
| const promisify = require('promisify-es6') | |
| const EventEmitter = require('events') | |
| const eos = require('end-of-stream') | |
| const isNode = require('detect-node') | |
| const setImmediate = require('async/setImmediate') | |
| const PubsubMessageStream = require('./utils/pubsub-message-stream') | |
| const stringlistToArray = require('./utils/stringlist-to-array') | |
| const moduleConfig = require('./utils/module-config') |
shunkino
/ elasticsearch.yaml
Last active
November 2, 2018 06:02
Configuration of elasticsearch for my blog.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| network.host: 0.0.0.0 | |
| http.cors.allow-credentials: true | |
| http.cors.enabled: true | |
| http.cors.allow-origin: "*" | |
| http.cors.allow-headers: Access-Control-Allow-Headers,X-Requested-With,X-Auth-Token,Content-Type,Content-Length,Authorization |
shunkino
/ elasticsearch_docker-compose.yml
Last active
November 6, 2018 01:55
Elasticsearch cluster docker-compose for my work. Use ES 5.6.9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '2.2' | |
| services: | |
| kibana: | |
| image: docker.elastic.co/kibana/kibana:5.6.9 | |
| container_name: kibana | |
| volumes: | |
| - ./kibana.yml:/usr/share/kibana/config/kibana.yml | |
| ports: | |
| - 5601:5601 | |
| networks: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mkdir ${HOME}/es_storage | |
| cd ${HOME}/es_storage | |
| mkdir esdata1 | |
| mkdir esdata2 | |
| mkdir esdata3 | |
| mkdir esdata4 |
shunkino
/ docker-compose.yml
Last active
November 6, 2018 01:54
docker-compose file for elasticsearch blog. This is for newer versions of elasticsearch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '2' | |
| services: | |
| kibana: | |
| image: docker.elastic.co/kibana/kibana:6.4.2 | |
| container_name: kibana | |
| volumes: | |
| - ./kibana.yml:/usr/share/kibana/config/kibana.yml | |
| ports: | |
| - 5601:5601 | |
| networks: |
shunkino
/ packet_analysis_conda.yml
Created
November 6, 2018 05:47
Anaconda env for packet analysis
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: base | |
| channels: | |
| - anaconda | |
| - activisiongamescience | |
| - conda-forge | |
| - defaults | |
| dependencies: | |
| - geoip2=2.2.0=py36_0 | |
| - libmaxminddb=1.1.4=0 | |
| - maxminddb=1.2.0=py36_0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server.host: "0.0.0.0" | |
| elasticsearch.url: "http://elasticsearch:9200" |
shunkino
/ elasticsearch_moloch_query.py
Last active
November 27, 2018 18:01
query to moloch example for my blog
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from elasticsearch import Elasticsearch | |
| es = Elasticsearch(['elasticsearch:9200']) | |
| response = es.search( | |
| index="sessions2-181016", | |
| body={ | |
| "size": 0, | |
| "query": { | |
| "bool": { | |
| "filter": { | |
| "bool": { |
shunkino
/ convert_colorscale.py
Created
November 28, 2018 05:36
color scale converter file for my blog
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import plotly.graph_objs as go | |
| from plotly.offline import download_plotlyjs, init_notebook_mode, plot, iplot | |
| import numpy as np | |
| import colorlover as cl | |
| def convert_colorscale_format(colorscale): | |
| plotly_colorscale = [] | |
| for index, sec_value in enumerate(np.linspace(0, 1, len(colorscale))): | |
| plotly_colorscale.append([sec_value, colorscale[index]]) | |
| return plotly_colorscale | |
| # %% |