curl -XPUT http://localhost:9200/_template/logstash_ossec -d '{
  "template" : "*ossec*",
  "settings": {
    "number_of_shards": 12,
    "number_of_replicas": 1
  },
  "mappings": {
    "ossec": {
      "_all": {
        "enabled": false

input {
  zeromq {
    type => 'zmq'
    topology => 'pushpull'
    address => 'tcp://*:5556'
    mode => 'server'
  }
}
output {

{
  "title": "OSSEC",
  "services": {
    "query": {
      "idQueue": [
        0,
        1
      ],
      "list": {
        "2": {

#
# https://gist.githubusercontent.com/samdoran/
# https://forge.puppetlabs.com/elasticsearch/elasticsearch - cluster split prod/dev/stg/... by cluster name <project>-<cluster_name>-....
#
---
- name: Elasticsearch rolling upgrade
  hosts: elk
  serial: 1
  sudo: yes
  gather_facts: true

#
# ansible-playbook -i hosts download_errata.yml --vault-password-file=/etc/.ipassword -s -U root
#
---
- name: Update ERRATAS if any new package
  hosts: pulpservers
  sudo: yes
  gather_facts: yes
  vars_files:
    - pass.yml

- name: Set Hipchat MSG
  set_fact:
    REPORTMSG: "LIVE UPDATE + ERRATA SYNC {{ timestamp.stdout }} - CENTOS Update"
    COLORMSG: "green"
- name: Send notification to HipChat
  include: hipchat-notification.yml
  tags: notify
- name: Ensure git

#!/usr/bin/python
import optparse
from pprint import pprint
import sys
# from pysphere.vi_vapp import VIVApp
from pysphere import VIServer, VITask, MORTypes, VIProperty
from pysphere.resources import VimService_services as VI
# CFG

# notifications/elk.j2
{"when_it_happened": "{{ elktimestamp.stdout }}", "title": "System", "tags": ["{{ tags }}"], "description": "{{ notification_msg }}"}
# notifications/elk-anotation.yml
- name: Timestamp for ELK
  local_action: command date -u +"%Y-%m-%dT%H:%M:%S.%3NZ"
  register: elktimestamp
- template:
    src: notifications/elk.j2

curl -XDELETE "http://localhost:9200/events/"
curl -XPUT localhost:9200/events -H 'Content-Type: application/json' -d '{
  "settings": {
    "index.number_of_shards": 2,
    "index.number_of_replicas": 0
  },
  "mappings": {
    "prod": {
      "properties": {

<source>
  type tail
  format json
  path /var/ossec/logs/alerts/alerts.json
  pos_file /var/log/td-agent/ossec_log_json.pos
  tag ossec.process
</source>
<match ossec.process>
  type parser