I hereby claim:
- I am Kvetch on github.
- I am kvetch (https://keybase.io/kvetch) on keybase.
- I have a public key whose fingerprint is A04E F86F 18E5 CFCB 233B 356C F334 F490 363B 5A0F
To claim this, I am signing this object:
input {
  file {
    type => "bro_logs"
    path => "/Analysis/Pcaps/*.log"
    start_position => beginning
    codec => json
    sincedb_path => "/var/log/.bro_sincedb"
  }
}
Under bro/share/bro/site/local.bro
add @tuning/json-logs
No .bro extension from the policy file
run broctl config
run broctl install
bro -r faf-exercise.pcap
OR
input {
  beats {
    port => 5044
  }
}
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
input {
  beats {
    type => "beats"
    port => 5044
    #codec => json
  }
  file {
    type => "procmon"
    ############ CHANGE ###################
    path => "/ELK/Analysis/LogFile.CSV"
input {
  file {
    path => "/Somedir/Output/Logfile.XML"
    start_position => beginning
    sincedb_path => "/dev/null"
    codec => multiline {
      pattern => "(<process>|<event>)"
      negate => "true"
      what => "previous"
      auto_flush_interval => 1
#REQUIRES -Version 2.0
<#
.SYNOPSIS
A brief description of the function or script. This keyword can be used
only once in each topic.
.DESCRIPTION
A detailed description of the function or script. This keyword can be
used only once in each topic.
.PARAMETER Name
#!/usr/bin/env python2
# 6 bytes
inputfile = open('BlahBlahBlah', 'rb')
outputfile = open('output','w+b')
decode = [0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA]
counter = 0
byte = inputfile.read(1)
while byte != "":
    #print byte
input {
  beats {
    type => "beats"
    port => 5044
    #codec => json
  }
  file {
    type => "procmon"
    ############ CHANGE ###################
    path => "/blahblahblah/LogFile.CSV"
### Keybase proof
I hereby claim:
* I am Kvetch on github.
* I am baronian (https://keybase.io/baronian) on keybase.
* I have a public key whose fingerprint is EF6C A608 A979 F11B 0C5A 9526 B89D F047 2672 EF84
To claim this, I am signing this object: