@Howard-Chang
Howard-Chang / syslog API
Last active August 21, 2018 05:34
Tzu Chi University of Science and Technology syslog REST API
#top10 protocol name
GET _search
{
"size" : 0,
"query": {
"bool": {
"should": [
{
"term":{"IPV4_SRC_ADDR":"203.68.62.36"}
},
Howard-Chang / copy.c
Last active March 25, 2019 13:43
copy.c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/types.h>
#include <fcntl.h>
#include <unistd.h>
int removeDuplicates(int* nums, int numsSize) {
}
int main()
{
int i=0,j=0,k=0,count=0;
int arr[]={1,2,2,3,3,4,5,5};
Howard-Chang / Taoyuan Education Network commands
Last active August 21, 2018 08:43
Taoyuan Education Network commands
C:\Windows\system32>cd /d E:\ELK\elasticsearch-curator-5.2.0-amd64\curator-5.2.0-amd64\
E:\ELK\elasticsearch-curator-5.2.0-amd64\curator-5.2.0-amd64>curator --config curator.yml delete_indeces.yml
2018-02-05 12:00:03,160 INFO Preparing Action ID: 1, "delete_indices"
2018-02-05 12:00:03,254 INFO Trying Action ID: 1, "delete_indices": Delete indices older than 1 days (based on index name), for logstash- prefixed indices. Ignore the error if the filter does not result in an actionable list of indices (ignore_empty_list) and exit cleanly.
2018-02-05 12:00:03,317 INFO Skipping action "delete_indices" due to empty list: <class 'curator.exceptions.NoIndices'>
2018-02-05 12:00:03,317 INFO Action ID: 1, "delete_indices" completed.
2018-02-05 12:00:03,317 INFO Job completed.
Howard-Chang / basic authenticate
Last active July 12, 2018 08:21
nginx-ldap-auth&nginx-auth-ldap& basic authenticate
basic authenticate (lab: Miaoli network ES4)
nginx.conf:
user nginx;
worker_processes 4;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
Howard-Chang / x-pack
Last active June 6, 2018 11:57
x-pack
sh users useradd my_admin -p my_password -r superuser
curl -u my_admin -XPUT 'http://163.19.163.239:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d'
{
"password" : "9ol./;p0"
}'
Enter host password for user 'my_admin':
Howard-Chang / CentOS Firewalld|network settings
Last active August 22, 2018 04:24
CentOS Firewalld settings
netstat -tulpn //list which ports are in use and by which processes
firewall-cmd --zone=public --list-all //list which ports are open in the public zone
firewall-cmd --zone=public --add-port=5510/tcp //add tcp 5510 to the public zone
firewall-cmd --zone=public --remove-port=5510/tcp //remove tcp 5510 from the public zone
LS server:
firewall-cmd --zone=public --add-port=5556/udp //add udp 5556 to the public zone
ES server:
firewall-cmd --zone=public --add-port=9300/tcp //add tcp 9300 to the public zone
Howard-Chang / syslog.conf
Last active March 6, 2018 03:42
Fu Jen University syslog.conf
1. Fetch the syslog entries whose type is anomaly, including their IPV4_SRC_ADDR, IPV4_DST_ADDR and time.
GET _search
{
"_source": {
"includes": [ "IPV4_SRC_ADDR","IPV4_DST_ADDR","msg","time","attack"]
},
"query":{
"bool": {
"must":[
Howard-Chang / ELK.sh
Last active May 4, 2018 09:20
linux auto shell
Create an sh file and add the following commands:
sh /home/es3/Downloads/elasticsearch-5.6.6/bin/elasticsearch &
sh /home/es3/Downloads/kibana-5.6.6-linux-x86_64/bin/kibana
cd /home/logstash/Downloads/logstash-5.6.6/bin
sh logstash -f /home/logstash/Downloads/logstash-5.6.6/bin/flow.conf
logstash server:
#!/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
Howard-Chang / ntopng+nprobe+ELK.bat
Last active February 27, 2018 10:51
ntopng+nprobe+ELK batch
cd /d D:\nProbe
start nprobe /c --zmq "tcp://*:2055" -i none -n none --collector-port 5556
cd /d D:\ntopng
start ntopng /c -i tcp://127.0.0.1:2055 -F "logstash;120.127.160.91;tcp;5510" --local-networks "120.127.0.0/16"
cd /d D:\elasticsearch-5.6.5\bin
echo "starting elasticsearch"
start elasticsearch
cd /d D:\kibana-5.6.5-windows-x86\bin