Chris Denneen cdenneen
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| define accounts::user( | |
| $ensure=present, | |
| $gid=undef, | |
| $groups=[], | |
| $password=undef, | |
| $sshkeys=[], | |
| $managehome=true, | |
| $allowdupe=false, | |
| $uid, | |
| $shell = $kernel ? { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "title": "IIS", | |
| "rows": [ | |
| { | |
| "title": "Options", | |
| "height": "50px", | |
| "editable": true, | |
| "collapse": false, | |
| "collapsable": true, | |
| "panels": [ |
cdenneen
/ gist:6167132
Created
August 6, 2013 18:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "@source" => "tcp://10.1.198.26:51588/", | |
| "@tags" => [], | |
| "@fields" => { | |
| "EventReceivedTime" => 1375813210, | |
| "SourceModuleType" => "im_file", | |
| "datetime" => "08/06/2013 13:57:46.86", | |
| "process" => "w3wp.exe (0x18C8)", | |
| "tid" => "0x16E8", | |
| "area" => "SharePoint Foundation", |
cdenneen
/ gist:6167233
Created
August 6, 2013 18:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| tcp { | |
| port => 3515 | |
| type => json | |
| format => json | |
| } | |
| } | |
| filter { | |
| mutate { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter { | |
| mutate { | |
| type => json | |
| gsub => [ | |
| "datetime", "[ \t]$", "", | |
| "process", "[ \t]{2,}", "", | |
| "area", "[ \t]{2,}", "", | |
| "category", "[ \t]{2,}", "", | |
| "level", "[ \t]{2,}", "" | |
| ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| multiline { | |
| pattern => "\d\d\/\d\d\/\d\d\d\d \d\d\:\d\d\:\d\d\.\d\d\*" | |
| add_tag => [ "extra_line" ] | |
| what => previous | |
| } | |
| date { | |
| tags => [ "extra_line" ] | |
| match => [ "datetime", "MM/dd/YYYY HH:mm:ss.SS*" ] | |
| } | |
| date { |
cdenneen
/ gist:6168478
Created
August 6, 2013 20:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 07/28/2013 19:45:24.15 w3wp.exe (0x16E4) 0x1380 SharePoint Foundation General fbv6 Medium <?xml version="1.0"?> <Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body><GetListItemChangesSinceToken xmlns="http://schemas.microsoft.com/sharepoint/soap/"><listName>{c1bef2f2-0c32-4662-98c5-4ab930d7da61}</listName><viewFields><ViewFields Properties="TRUE"><FieldRef Name="ID"/><FieldRef Name="ReplicationID"/><FieldRef Name="Attachments"/><FieldRef Name="owshiddenversion"/><FieldRef Name="Created"/><FieldRef Name="Modified"/><FieldRef Name="vti_versionhistory"/><FieldRef Name="ContentTypeId"/><FieldRef Name="EventType"/><FieldRef Name="Title"/><FieldRef Name="HeaderInfo"/><FieldRef Name="FooterInfo"/><FieldRef Name="UID"/><FieldRef Name="Description"/><FieldRef Name="Location"/><FieldRef Name="EventDate"/><FieldRef Name="EndDate"/><FieldRef Name="fAllDayEvent"/><FieldRef Na... 9fb581d1-11ec-42b7-a90d-fc56e2bc81e9 | |
| 07/28/2013 19:45:24.15* w3wp.exe ( |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| tcp { | |
| port => 3516 | |
| type => json | |
| format => json | |
| } | |
| } | |
| filter { | |
| mutate { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "@source" => "stdin://ctclnxmgr01/", | |
| "@tags" => [], | |
| "@fields" => { | |
| "clientip" => [ | |
| [0] "76.19.107.28" | |
| ], | |
| "ident" => [ | |
| [0] "-" | |
| ], |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@eslogs-1 ~]# iptables -nL -v | |
| Chain INPUT (policy ACCEPT 0 packets, 0 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 /* 000 accept all icmp */ | |
| 372 37669 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 /* 001 accept all to lo interface */ | |
| 142K 181M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* 002 accept related established rules */ state RELATED,ESTABLISHED | |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 /* 003 allow ssh access */ state NEW,ESTABLISHED | |
| 16138 24M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 9200:9400,9500 /* 201 allow ES access */ | |
| 60 23693 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport sports 9200:9400 /* 203 allow remote ES */ | |
| 2364 3481K LOGGING |