clay584
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <taxfile id="1692376550"> | |
| ... | |
| </taxfile> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| file { | |
| path => ["/home/local/JTAX/curtisc/tax-returns/*"] | |
| start_position => "beginning" | |
| type => "tax_return" | |
| tags => [ "tax_return" ] | |
| codec => multiline { | |
| pattern => "^<\?xml .*\?>" | |
| negate => true | |
| what => "previous" | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <taxfile id="1692376550"> | |
| ... | |
| </jur> | |
| <splitsources/> | |
| </entity> | |
| <fee adjschcharge="65.00" code1="03.2013.0001.0002" fdfee="65.00" id="206" pricingoptionid="10" standardpricingtotal="65.00" totalfee="65.00" totalprepfee="65"> | |
| <feedetail abbr="FD" cost="65" count="1" dcost="65.00" defid="1675" dfee="65.00" fee="65" flag="1" id="1" name="Form 1040EZ" tierid="1"/> | |
| </fee> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "title": "Network Dashboard", | |
| "services": { | |
| "query": { | |
| "list": { | |
| "0": { | |
| "query": "Action=allow", | |
| "alias": "allow", | |
| "color": "#508642", | |
| "id": 0, |
clay584
/ gist:dac6753007f45ad7e9f4
Created
July 7, 2014 15:35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| stdin { } | |
| } | |
| filter { | |
| #all of your fixed grok filters | |
| } | |
| output { | |
| elasticsearch { |
clay584
/ logstash netflow config
Created
September 7, 2014 08:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| udp { | |
| host => "0.0.0.0" | |
| port => 2055 | |
| codec => netflow { cache_ttl => 1 | |
| versions => [ 5, 9 ] | |
| } | |
| type => "netflow" | |
| } | |
| } |
clay584
/ gist:c7fa7d2fcd72655e3315
Created
September 8, 2014 16:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| udp { | |
| host => "0.0.0.0" | |
| port => 2055 | |
| codec => netflow { cache_ttl => 1 | |
| versions => [ 5, 9 ] | |
| } | |
| type => "netflow" | |
| } | |
| } |
clay584
/ logstash_asa_parser
Created
September 30, 2014 16:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #parse ASA log | |
| grok { | |
| patterns_dir => "/opt/logstash/logstash-1.4.0/patterns" | |
| break_on_match => false | |
| match => [ "raw_message", "%{CISCOFACSEVMNEM} %{WORD:Action} %{WORD:IPProtocol} src %{WORD:SourceZone}:%{IP:SourceAddress}\/%{POSINT:SourcePort} dst %{WORD:DestinationZone}:%{IP:DestinationAddress}\/%{POSINT:DestinationPort} by access-group \"%{NOTSPACE:rule}\"%{GREEDYDATA}", | |
| "raw_message", "%{CISCOFACSEVMNEM} %{WORD:Action} %{IPPROTOCOL:IPProtocol} src %{WORD:SourceZone}:%{IP:SourceAddress} dst %{WORD:DestinationZone}:%{IP:DestinationAddress} %{DATA:icmp_type_code} by access-group \"%{WORD:Rule}\"%{GREEDYDATA}", | |
| "raw_message", "%{CISCOFACSEVMNEM} %{GREEDYDATA:description}" ] | |
| } | |
| mutate { | |
| remove_field => [ "message", "raw_message" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| file { | |
| #if you are reading files that syslog-ng has written to. | |
| path => ["/var/log/syslog-ng.log"] | |
| type => "syslog" | |
| tags => [ "network" ] | |
| } | |
| tcp { | |
| #if syslog-ng is relaying to logstash on TCP/514 | |
| port => 514 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CISCOTIMESTAMPTZ %{MONTH} +%{MONTHDAY}(?: %{YEAR})? %{TIME} %{TZ} |
OlderNewer