Graylog menu: Graylog - System - Pipelines - Manage rules
All rules will assume you pre-filter your logs on an application-basis. Else the matching will get horrible.
Use regex101.com for testing expressions. Make sure to escape all the backslashes \\ (and so on..) before adding it as Graylog rule.
/*
| #!/usr/bin/env bash | |
| # NOTES: | |
| # perfoms md5sum on all files in the directory, sorts them and creates an overall md5sum | |
| # WARNING: the sort order & checksum will change if you do not use the same LANG/LC_ALL! | |
| EXCLUDES=('dir1' 'dir2/*') | |
| set -eo pipefail |
| # bash > crm configure | |
| property no-quorum-policy=ignore | |
| property stonith-enabled=false | |
| primitive resHAProxy systemd:haproxy \ | |
| op monitor interval=5 | |
| clone clone_HAProxy resHAProxy | |
| primitive resIP_LB IPaddr2 \ | |
| params ip=172.x.x.x nic=ens18 cidr_netmask=32 \ |
| #!/bin/bash | |
| set -eE -o pipefail | |
| # to create such a volume - use: https://gist.github.com/NiceRath/c794caa26a28fc90fc628a047648722b | |
| if [ $# -lt 3 ] | |
| then | |
| cat << EOF | |
| You must provide: |
| #!/bin/bash | |
| set -eE -o pipefail | |
| # to create such a volume - use: https://gist.github.com/NiceRath/c794caa26a28fc90fc628a047648722b | |
| # move the created key from <PATH-TO-KEY-DIR> to the remote host and securly delete them (p.e. using 'shred') | |
| # run example: "bash /usr/local/sbin/cryptmount/cryptmount.sh vg0-lv1 crypt-lv1 /data" | |
| ENC_LV_NAME="$1" | |
| DECRYPT_LV_NAME="$2" |
| #!/bin/bash | |
| set -eE -o pipefail | |
| # script to encrypt an existing LVM volume | |
| # to move the encryption keys to a remote host - use: https://gist.github.com/NiceRath/65511409c8dbbbbb98ae6f1a668b7d5d | |
| ENC_PATH='<PATH-TO-KEY-DIR>' | |
| KEY_SIZE='8192' | |
| PASS_FILE="${ENC_PATH}/<GPG-PASSPHRASE-FILE>" |
| #!/bin/bash | |
| set -euo pipefail | |
| # NOTES: | |
| # as Apple is not able to provide any good option to force updates on managed clients - you might want to notify users to install them | |
| # will be silent if no updates are available | |
| # see also: https://ss64.com/osx/softwareupdate.html |
| #!/bin/bash | |
| set -eo pipefail | |
| # NOTES: | |
| # to use on backup files created by Google Takeout: https://support.google.com/accounts/answer/3024190?hl=en | |
| # creates lists of top N mail senders & distribution-lists @ /tmp | |
| # can be used to create Google Vault retentions to clean-up old mails or spam: https://support.google.com/vault/answer/2990828?hl=en | |
| if [-z "$1" ] |
| #!/usr/bin/env bash | |
| set -eo pipefail | |
| if [ -z "$1" ] | |
| then | |
| echo "You need to supply the path to a certificate-directory to scan" | |
| exit 1 | |
| fi |
| #!/bin/bash | |
| # target: squid-openssl 4.13 with listener "http_port 127.0.0.1:3129 tproxy" | |
| # see also: | |
| # https://docs.kernel.org/networking/tproxy.html | |
| # https://blog.cloudflare.com/mmproxy-creative-way-of-preserving-client-ips-in-spectrum/ | |
| # https://latest.gost.run/en/tutorials/redirect/#forwarding-chain_1 | |
| # you might need to enable some iptables/nftables kernel modules: |