[2021-01-25T10:24:47,485][WARN ][o.e.h.AbstractHttpServerTransport] [siem-main.XXXXX.local] caught exception while handling client http traffic
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Insufficient buffer remaining for AEAD cipher fragment (2). Needs to be more than tag size (16)
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:471) ~[netty-codec-4.1.49.Final.jar:4.1.49.Final]
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[netty-codec-4.1.49.Final.jar:4.1.49.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [netty-transpo
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
    #- c:\programdata\elasticsearch\logs\*
- type: syslog
  protocol.udp:
    host: "node-1:515"
filebeat.config.modules:
{
  "_index": "mikrotik-log-2020.11",
  "_type": "_doc",
  "_id": "f9yFgnUBAnhF-USAF3ck",
  "_version": 1,
  "_score": null,
  "_source": {
    "topic1": "system",
    "topic2": "error",
    "agent": {
{
  "mappings": {
    "_doc": {
      "properties": {
        "@timestamp": {
          "type": "date"
        },
        "@version": {
          "type": "keyword"
        },
PUT _watcher/watch/winlogs
{
  "metadata": {
    "window_period": "15m"
  },
  "trigger": {
    "schedule": {
      "interval": "5m"
    }
  },
{
  "_id" : "winlogs_ca23891f-7176-461c-bb9e-3843a634dfc1-2020-09-22T08:56:59.856268Z",
  "watch_record" : {
    "watch_id" : "winlogs",
    "node" : "eXtEY0w5QVeHHEL_ZYk9Cg",
    "state" : "executed",
    "user" : "elastic",
    "status" : {
      "state" : {
        "active" : true,
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
    #- c:\programdata\elasticsearch\logs\*
  scan_frequency: 6s
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
-- Logs begin at Mon 2020-09-07 08:31:42 +0430, end at Wed 2020-09-09 12:37:05 +0430. --
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.270+0430 ERROR [publisher_pipeline_output] pipeline/output.go:181 failed to publish events: temporary bulk send failure
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.270+0430 INFO [publisher_pipeline_output] pipeline/output.go:144 Connecting to backoff(elasticsearch(https://node-1:9200))
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.270+0430 INFO [publisher] pipeline/retry.go:221 retryer: send unwait signal to consumer
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.270+0430 INFO [publisher] pipeline/retry.go:225 done
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.271+0430 INFO [esclientleg] eslegclient/connection.go:306 Attempting to connect to Elasticsearch ve
PUT _watcher/watch/ciscoioswatcher
{
  "trigger" : { "schedule" : { "interval" : "5m" }},
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "filebeat-*" ],
        "body" : {
          "query" : {
            "bool" : {
{
  "_index": "cisco-beat-2020.09",
  "_type": "_doc",
  "_id": "NsrlXXQB5DC9Olmvu0ry",
  "_version": 1,
  "_score": null,
  "_source": {
    "agent": {
      "hostname": "FortressSIEM",
      "name": "FortressSIEM",