Skip to content

Instantly share code, notes, and snippets.

View dav3860's full-sized avatar

dav3860

13 followers · 0 following
  • Paris, France
View GitHub Profile
@dav3860
dav3860 / zbxjson.py
Last active February 19, 2021 14:19
Zabbix REST/JSON web service check script
For REST/JSON web service that returns :
{
"DatabaseConnections": [
{
"DatabaseName": "database1",
"DatabaseStatus": "Open",
},
{
"DatabaseName": "database2",
"DatabaseStatus": "Open",
@dav3860
dav3860 / proxy.patch
Created August 19, 2014 12:58
--- vmbix-discovery.py.orig 2014-08-19 14:53:19.768779919 +0200
+++ vmbix-discovery.py 2014-07-25 15:28:12.808115479 +0200
@@ -51,31 +53,45 @@
exit(1)
hosts = zapi.host.get({"output": "extend", "selectGroups": ["name"], "selectParentTemplates": ["name"]})
-try:
- get = zapi.hostgroup.get({
+if VMPROXY:
+ try:
@dav3860
dav3860 / Gemfile
Last active August 2, 2016 14:48
source 'https://rubygems.org'
gem 'dashing'
gem 'activesupport'
gem 'zabby'
gem 'therubyracer', :platforms => :ruby
@dav3860
dav3860 / Event Logs Schema
Created October 9, 2013 16:14
{
"title": "Windows Event Logs",
"services": {
"query": {
"idQueue": [
2,
3,
4,
9,
10,
@dav3860
dav3860 / gist:5346821
Last active December 16, 2015 00:19
Apache config snippets :
Alias /kibana3 /var/www/kibana3
# Elasticsearch API is behind /es/
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|DELETE)
RewriteRule .* - [F]
RewriteCond %{LA-U:REMOTE_USER} !^$
RewriteRule /es/(.*)logstash-([0-9]+.[0-9]+.[0-9]+)(.*) /es/$1%{LA-U:REMOTE_USER}-$2$3 [N] # Redirect all logstash-xx-xx-xx accesses to user aliases
@dav3860
dav3860 / gist:5346032
Created April 9, 2013 14:20
# Cisco firewalls
udp {
port => "50514"
type => "firewall"
charset => "UTF-8"
tags => "cisco-fw"
}
@dav3860
dav3860 / gist:5345751
Created April 9, 2013 13:39
Logstash grok patterns for Juniper Netscreen firewalls.
NETSCREEN1 policy_id=%{INT:policy_id} service=%{DATA:service} proto=%{INT:protocol} src zone=%{WORD} dst zone=%{WORD} action=%{WORD:action} sent=%{INT} rcvd=%{INT} src=%{IP:src_ip} dst=%{IP:dst_ip} icmp type=%{INT} icmp code=%{INT} src-xlated ip=%{IP:src_xlated_ip} dst-xlated ip=%{IP:dst_xlated_ip}
NETSCREEN2 policy_id=%{INT:policy_id} service=%{DATA:service} proto=%{INT:protocol} src zone=%{WORD} dst zone=%{WORD} action=%{WORD:action} sent=%{INT} rcvd=%{INT} src=%{IP:src_ip} dst=%{IP:dst_ip} src_port=%{DATA:src_port} dst_port=%{DATA:dst_port} src-xlated ip=%{IP:src_xlated_ip} port=%{DATA:src_xlated_port} dst-xlated ip=%{IP:dst_xlated_ip} port=%{DATA:dst_xlated_port}
NETSCREEN3 policy_id=%{INT:policy_id} service=%{DATA:service} proto=%{INT:protocol} src zone=%{WORD} dst zone=%{WORD} action=%{WORD:action} sent=%{INT} rcvd=%{INT} src=%{IP:src_ip} dst=%{IP:dst_ip} src_port=%{DATA:src_port} dst_port=%{DATA:dst_port}
NETSCREEN4 policy_id=%{INT:policy_id} service=%{DATA:service} proto=%{INT:protocol} src zone=%{WOR
@dav3860
dav3860 / gist:5345656
Last active April 27, 2020 11:38
Cisco ASA/PIX config for logstash.
/etc/logstash/logstash.conf :
# We handle the syslog part of the Cisco PIX/ASA messages
grok {
tags => "cisco-fw"
patterns_dir => "/etc/logstash/patterns"
pattern => "^<%{POSINT:syslog_pri}>(?:(%{TIMESTAMP_ISO8601:timestamp8601} |%{CISCOTIMESTAMP:timestamp} ))?%{SYSLOGHOST:logsource}?[ :]+%{GREEDYDATA:syslog_message}"
}
syslog_pri {
tags => "cisco-fw"