View cisco-asa-pipeline.js
// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
// or more contributor license agreements. Licensed under the Elastic License;
// you may not use this file except in compliance with the Elastic License.
var processor = require("processor");
var console = require("console");
var device; // NOTE(review): presumably filled in from the processor's configuration params by the registration code that follows — that code is outside this preview, confirm there
// Register params from configuration.
View ciscoasa-pipeline.js
// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
// or more contributor license agreements. Licensed under the Elastic License;
// you may not use this file except in compliance with the Elastic License.
var processor = require("processor");
var console = require("console");
var device; // NOTE(review): presumably filled in from the processor's configuration params later in the file (outside this preview) — confirm there
View gist:0182dd16c51dc35a811d2b223e7979fc
GOROOT=/Users/adrian/.gvm/versions/go1.13.10.darwin.amd64 #gosetup
GOPATH=/Users/adrian/go #gosetup
/Users/adrian/.gvm/versions/go1.13.10.darwin.amd64/bin/go test -c -o /private/var/folders/4t/d2fxfql505j76bjd6yb6qhc80000gn/T/___TestReplaceIndexInIndexPattern_in_github_com_elastic_beats_v7_libbeat_dashboards github.com/elastic/beats/v7/libbeat/dashboards #gosetup
/Users/adrian/.gvm/versions/go1.13.10.darwin.amd64/bin/go tool test2json -t /private/var/folders/4t/d2fxfql505j76bjd6yb6qhc80000gn/T/___TestReplaceIndexInIndexPattern_in_github_com_elastic_beats_v7_libbeat_dashboards -test.v -test.run ^TestReplaceIndexInIndexPattern$ #gosetup
=== RUN TestReplaceIndexInIndexPattern
=== RUN TestReplaceIndexInIndexPattern/Replace_in_[]interface(map).map
=== RUN TestReplaceIndexInIndexPattern/Replace_in_[]interface(map).mapstr
=== RUN TestReplaceIndexInIndexPattern/Replace_in_[]map.mapstr
=== RUN TestReplaceIndexInIndexPattern/Replace_in_[]mapstr.mapstr
=== RUN TestReplaceIndexInIndexPattern/Replace_in_[]maps
View cisco-asa-pipeline.json
{
"filebeat-8.0.0-cisco-asa-asa-ftd-pipeline" : {
"description" : "Pipeline for Cisco ASA logs",
"processors" : [
{
"grok" : {
"field" : "message",
"patterns" : [
"(?:%{SYSLOG_HEADER})?\\s*%{GREEDYDATA:log.original}"
],
adriansr / diff-filebeat-fileset-test-failure.py
Last active Oct 24, 2019
Diff filebeat module fileset test failure
# Helper to find out what's wrong when a Filebeat fileset
# fails with the error:
#
# The following expected object was not found:
# {
# [...]
# }
# Searched in:
# [
# [...]
adriansr / random_cisco_asa.py
Created Apr 4, 2019
Random Cisco ASA logs generator
from datetime import datetime, date, time, timedelta
import random
class WeightedRand:
def __init__(self, weights):
self.v = []
self.n = sum(weights.values())
for (k, v) in weights.iteritems():
self.v += [k] * v
adriansr / iptables_random.py
Created Apr 4, 2019
Random log generator for iptables module
import os
import random as rnd
import re
import sys
random_ips = set()  # NOTE(review): presumably the addresses already generated, kept to avoid duplicates — the code that fills it is outside this preview
ips = {}  # NOTE(review): populated by the generator below; key/value meaning is not visible here
doc_ips = [[192, 0, 2], [198, 51, 100], [203, 0, 113]]  # RFC 5737 documentation prefixes (TEST-NET-1/2/3): reserved for examples, never assigned to real hosts, so synthetic logs cannot leak or point at a real address
known_prefixes = set([ '.'.join([str(y) for y in x ]) for x in [
View auditd USER_AUTH USER_LOGIN
# local login failed
"type=USER_AUTH msg=audit(1553622768.697:628): pid=6261 uid=0 auid=1002 ses=40 msg='op=PAM:authentication acct=\"root\" exe=\"/bin/login\" hostname=? addr=? terminal=/dev/pts/1 res=failed'"
"type=USER_LOGIN msg=audit(1553622768.697:629): pid=6261 uid=0 auid=1002 ses=40 msg='op=login acct=\"root\" exe=\"/bin/login\" hostname=? addr=? terminal=/dev/pts/1 res=failed'"
# local login succeeded
"type=USER_AUTH msg=audit(1553622784.557:630): pid=6261 uid=0 auid=1002 ses=40 msg='op=PAM:authentication acct=\"adrian\" exe=\"/bin/login\" hostname=? addr=? terminal=/dev/pts/1 res=success'"
"type=USER_LOGIN msg=audit(1553622784.973:634): pid=6261 uid=0 auid=1002 ses=40 msg='op=login acct=\"adrian\" exe=\"/bin/login\" hostname=? addr=? terminal=/dev/pts/1 res=success'"
adriansr / compare-golden.py
Created Feb 4, 2019
Compare two -expected.json ES events
# Usage:
# compare-golden-events.py <old.json> <new.json>
import json
import sys
def missing(keys, dct):
r = []
for key in keys:
View anonymize iptables logs
# Anonymize IPTABLES logs for documentation!
import os
import re
import sys
random_macs = set()  # NOTE(review): presumably the replacement MACs handed out so far, so substitutions stay unique — the code using it is outside this preview
macs = {}  # NOTE(review): presumably original MAC -> replacement, so the same real address always maps to the same fake one; confirm against the rewrite loop below