Clint Sharp coccyx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global: | |
| rotInterval: 1 | |
| samplesDir: | |
| - examples/tutorial | |
| samples: | |
| - name: tutorial1 | |
| description: Tutorial 1 | |
| disabled: false | |
| generator: sample | |
| rater: default |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global: | |
| rotInterval: 1 | |
| samplesDir: | |
| - examples/tutorial | |
| samples: | |
| - name: tutorial1 | |
| description: Tutorial 1 | |
| disabled: false | |
| generator: sample | |
| rater: default |
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global: | |
| rotInterval: 1 | |
| samples: | |
| - name: businessevent | |
| description: Example business event log from a middleware system, in key=value format. | |
| disabled: false | |
| generator: sample | |
| rater: default | |
| interval: 3 | |
| count: 3 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filebeat.inputs: | |
| - type: log | |
| enabled: true | |
| paths: | |
| - /var/log/*.log | |
| output.elasticsearch: | |
| hosts: ["http://localhost:10080/elastic"] |
coccyx
/ inputs.conf
Created
September 6, 2018 03:43
— forked from automine/inputs.conf
Nice windows event blacklisting
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [WinEventLog://Security] | |
| disabled = 0 | |
| start_from = oldest | |
| current_only = 0 | |
| evt_resolve_ad_obj = 1 | |
| checkpointInterval = 5 | |
| blacklist1 = EventCode="4662" Message="Object Type:(?!\s*groupPolicyContainer)" | |
| blacklist2 = EventCode="566" Message="Object Type:(?!\s*groupPolicyContainer)" | |
| blacklist3 = EventCode="4688" Message="New Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool|splunkd|splunk|splunk\-(?:MonitorNoHandle|admon|netmon|perfmon|powershell|regmon|winevtlog|winhostinfo|winprintmon|wmi))\.exe)" | |
| blacklist4 = EventCode="4689" Message="Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool|splunkd|splunk|splunk\-(?:MonitorNoHandle|admon|netmon|perfmon|powershell|regmon|winevtlog|winhostinfo|winprintmon|wmi))\.exe)" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global: | |
| rotInterval: 1 | |
| samplesDir: | |
| - . | |
| samples: | |
| - name: tutorial3 | |
| description: Tutorial 3 | |
| disabled: false | |
| generator: sample | |
| rater: eventrater |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global: | |
| samplesDir: | |
| - $GOGEN_HOME/examples/nixOS | |
| - examples/nixOS | |
| samples: [] | |
| mix: | |
| - sample: coccyx/cpu | |
| - sample: coccyx/df | |
| - sample: coccyx/vmstat | |
| - sample: coccyx/bandwidth |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global: | |
| samplesDir: | |
| - $GOGEN_HOME/examples/nixOS | |
| - examples/nixOS | |
| samples: | |
| - name: iostat | |
| description: Generate Iostat Usage Metrics | |
| notes: | | |
| Generates iostat usage from the Splunk UNIX TA | |
| disabled: false |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global: | |
| samplesDir: | |
| - $GOGEN_HOME/examples/nixOS | |
| - examples/nixOS | |
| samples: | |
| - name: bandwidth | |
| description: Generate Bandwidth Usage Metrics | |
| notes: | | |
| Generates bandwidth usage from the Splunk UNIX TA | |
| disabled: false |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global: | |
| samplesDir: | |
| - $GOGEN_HOME/examples/nixOS | |
| - examples/nixOS | |
| samples: | |
| - name: vmstat | |
| description: Generate Memory Usage Metrics | |
| notes: | | |
| Generates memory Usage in the form of a vmstat command from the Splunk UNIX TA | |
| disabled: false |
NewerOlder