Vaclav Adamec VAdamec
VAdamec
/ ossec_elasticsearch_index
Created
January 21, 2014 21:33
Set @fields to not analyzed (to get full alert description not exploded parts)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -XPUT http://localhost:9200/_template/logstash_ossec -d '{ | |
| "template" : "*ossec*", | |
| "settings": { | |
| "number_of_shards": 12, | |
| "number_of_replicas": 1 | |
| }, | |
| "mappings": { | |
| "ossec": { | |
| "_all": { | |
| "enabled": false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| zeromq { | |
| type => 'zmq' | |
| topology => 'pushpull' | |
| address => 'tcp://*:5556' | |
| mode => 'server' | |
| } | |
| } | |
| output { |
VAdamec
/ ossec_kibana3.dashboard
Created
January 21, 2014 21:29
Kibana3 dashboard for OSSEC (using fields from logstash basic parsing)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "title": "OSSEC", | |
| "services": { | |
| "query": { | |
| "idQueue": [ | |
| 0, | |
| 1 | |
| ], | |
| "list": { | |
| "2": { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # https://gist.githubusercontent.com/samdoran/ | |
| # https://forge.puppetlabs.com/elasticsearch/elasticsearch - cluster split prod/dev/stg/... by cluster name <project>-<cluster_name>-.... | |
| # | |
| --- | |
| - name: Elasticsearch rolling upgrade | |
| hosts: elk | |
| serial: 1 | |
| sudo: yes | |
| gather_facts: true |
VAdamec
/ download_errata.yml
Created
May 18, 2016 10:09
Download CentOS6 errata to Pulp repository and get raw (and dirty) diff result of new and old stage
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # ansible-playbook -i hosts download_errata.yml --vault-password-file=/etc/.ipassword -s -U root | |
| # | |
| --- | |
| - name: Update ERRATAS if any new package | |
| hosts: pulpservers | |
| sudo: yes | |
| gather_facts: yes | |
| vars_files: | |
| - pass.yml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: Set Hipchat MSG | |
| set_fact: | |
| REPORTMSG: "LIVE UPDATE + ERRATA SYNC {{ timestamp.stdout }} - CENTOS Update" | |
| COLORMSG: "green" | |
| - name: Send notification to HipChat | |
| include: hipchat-notification.yml | |
| tags: notify | |
| - name: Ensure git |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import optparse | |
| from pprint import pprint | |
| import sys | |
| # from pysphere.vi_vapp import VIVApp | |
| from pysphere import VIServer, VITask, MORTypes, VIProperty | |
| from pysphere.resources import VimService_services as VI | |
| # CFG |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # notifications/elk.j2 | |
| {"when_it_happened": "{{ elktimestamp.stdout }}", "title": "System", "tags": ["{{ tags }}"], "description": "{{ notification_msg }}"} | |
| # notifications/elk-anotation.yml | |
| - name: Timestamp for ELK | |
| local_action: command date -u +"%Y-%m-%dT%H:%M:%S.%3NZ" | |
| register: elktimestamp | |
| - template: | |
| src: notifications/elk.j2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -XDELETE "http://localhost:9200/events/" | |
| curl -XPUT localhost:9200/events -H 'Content-Type: application/json' -d '{ | |
| "settings": { | |
| "index.number_of_shards": 2, | |
| "index.number_of_replicas": 0 | |
| }, | |
| "mappings": { | |
| "prod": { | |
| "properties": { |
VAdamec
/ ossec_server.conf
Created
October 20, 2015 06:07
Fluent setup for OSSEC (2.9, with json logging but with getting exact server name and log) not secure forward and also output to stdout
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <source> | |
| type tail | |
| format json | |
| path /var/ossec/logs/alerts/alerts.json | |
| pos_file /var/log/td-agent/ossec_log_json.pos | |
| tag ossec.process | |
| </source> | |
| <match ossec.process> | |
| type parser |
NewerOlder