elijahpaul

# GROK match pattern for logstash.conf filter: %{PFSENSE_LOG_DATA}%{PFSENSE_IP_SPECIFIC_DATA}%{PFSENSE_IP_DATA}%{PFSENSE_PROTOCOL_DATA}

# GROK Custom Patterns (add to patterns directory and reference in GROK filter for pfSense events):

# GROK Patterns for pfSense 2.2 Logging Format
#
# Created 27 Jan 2015 by J. Pisano (Handles TCP, UDP, and ICMP log entries)
# Edited 14 Feb 2015 by Elijah Paul elijah.paul@gmail.com
# Edited 10 Mar 2015 by Bernd Zeimetz <bernd@bzed.de>
# taken from https://gist.github.com/elijahpaul/f5f32d4e914dcb7fedd2

elijahpaul

<?php
/*
 * Script to check SoYouStart availability, based on http://www.tienle.com/2014/09-03/script-check-soyoustart-availability.html
 */

define('CHECK_URL',             'http://ws.ovh.com/dedicated/r2/ws.dispatcher/getAvailability2');
define('NOTIFICATION_EMAILS',   'YOUR_EMAIL@DOMAIN.COM'); // Comma separated list of notifaction email address
define('SYSTEM_EMAIL',          '0'); // 1 = enabled local smtp system
define('MANDRILL',              '1'); // 1 = enable email through mandrill api, require an account on https://mandrillapp.com/
define('MANDRILL_API',          'YOUR_MANDRILL_API_KEY'); // Enter your Mandrill App API Key here

elijahpaul

# Use this filter with pattern file https://gist.github.com/elijahpaul/f5f32d4e914dcb7fedd2
filter {  
  if "PFSense" in [tags] {
    grok {
      add_tag => [ "firewall" ]
      match => [ "message", "<(?<evtid>.*)>(?<datetime>(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|Jun(?:e)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?)\s+(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9]) (?:2[0123]|[01]?[0-9]):(?:[0-5][0-9]):(?:[0-5][0-9])) (?<prog>.*?): (?<msg>.*)" ]
    }
    mutate {
      gsub => ["datetime","  "," "]
    }

elijahpaul

# GROK match pattern for logstash.conf filter: %{LOG_DATA}%{IP_SPECIFIC_DATA}%{IP_DATA}%{PROTOCOL_DATA}

# GROK Custom Patterns (add to patterns directory and reference in GROK filter for pfSense events):

# GROK Patterns for pfSense 2.2 Logging Format
# 
# Created 27 Jan 2015 by J. Pisano (Handles TCP, UDP, and ICMP log entries)
# Edited 14 Feb 2015 by E. Paul
#
# Usage: Use with following GROK match pattern

elijahpaul

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFRksYUBEADi8nC8xuOWq25oS+OEBTxcfuZUhkoYKIBL2D+mOXk64TiQXwKi
2Diu5H+6GRnXAgWwaZFhj356fk+jUiCW2b0gzJE/aA7kNfcGyzEatTAFia+SZTrv
INvnY23i2/JVGodKFOq5tUoKajxGiJUFlWy5w9Fgo+BScNR2dblRP228JZn2MLXs
nkmAckW8r/cFhCyEpR6S5bwXe7ly0gVNUSfEJbOKBpYIyvokpmsswaIVGuLdu9mh
QFZpXL9QMwJ0SOdtNPc1lpWN494q5pelPQP+NsiA90PzQLPgJLgaT03nEn7XOl2G
1otZpERnhLOGimzKqOKRcoSwOt1AuFBdOiUXBYixheuzBgpMlmrTTxa6XwSRqLAJ
DqAVxRXnJ+ZuGR87BSc8diA6Hg+gSoxgUlrkD3t83tXzZJeHmvp2tonDb/Gjm0Qe

elijahpaul

{
  "title": "Exchange Message Tracking Logs",
  "services": {
    "query": {
      "list": {
        "0": {
          "id": 0,
          "color": "#7EB26D",
          "alias": "Messages Sent (Internal)",
          "pin": true,

elijahpaul

{
  "title": "PFSense Firewall",
  "services": {
    "query": {
      "idQueue": [],
      "list": {
        "0": {
          "query": "tags: \"PFSense\" AND action: \"pass\"",
          "alias": "Passed",
          "color": "#6ED0E0",

elijahpaul

#!/bin/bash
#
# chkconfig: - 16 84
# description: Start up transmission-daemon
#
# processname: transmission-daemon
# config: /etc/sysconfig/transmission

# source function library
. /etc/rc.d/init.d/functions

elijahpaul

Keybase proof

I hereby claim:

• I am elijahpaul on github.
• I am ep (https://keybase.io/ep) on keybase.
• I have a public key whose fingerprint is 9791 19F0 98C6 89D0 0DBD 7841 13EA B5A3 EE25 BE50

To claim this, I am signing this object: