- socket []string: socket name
- zeros boolean: If false, it will not send measurments with value 0
The Suricata plugin sends dump-counters command to Suricata unix socket Threads are used as tags
Hillar hillar
hillar
/ remove-extra-trailer.c
Created
August 4, 2016 05:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| unsigned int ip_total_len = (unsigned int)ntohs((ip_hdr->ip_len)); | |
| unsigned int real_len = 14 + ip_total_len; | |
| unsigned int dif = (*pkthdr)->caplen - real_len; | |
| if (dif > 0 && dif < 32) | |
| { | |
| (*pkthdr)->caplen -= dif; | |
| (*pkthdr)->len -= dif; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -XPOST '10.242.11.3:9200/_cluster/reroute' -d '{ | |
| "commands" : [ | |
| { | |
| "allocate" : { | |
| "index" : "sessions-160420h14", "shard" : 1, "node" : "es-1-data2-c" | |
| } | |
| } | |
| ] | |
| }' |
hillar
/ apache2elastic.py
Created
April 27, 2016 17:52
load & parse zip'ed apache logs and pump to elasticsearch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| reload(sys) | |
| sys.setdefaultencoding("utf-8") | |
| from os import listdir | |
| from os.path import isfile, join | |
| import gzip | |
| import apache_log_parser | |
| from elasticsearch import Elasticsearch | |
| from elasticsearch.helpers import bulk |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import "fmt" | |
| import "encoding/pem" | |
| import "encoding/asn1" | |
| import "math/big" | |
| import "time" | |
| import "os" | |
| import "io/ioutil" |
hillar
/ dnsqrparser.py
Last active
November 25, 2016 17:20
read and parse dnsqr messages from nsmg files created by sie-dns-sensor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import nmsg | |
| import wdns | |
| import re | |
| def _parse_DKIM(data): | |
| if not re.search(r'v\=DKIM', data): | |
| return None | |
| ret = dict() |
hillar
/ ElasticSearchArchiveBot.py
Last active
August 29, 2015 14:26
abusehelper post url helper function, see https://bitbucket.org/clarifiednetworks/abusehelper/src/8a0cf2672c5a792b82a725f3dd9798883ff424f3/abusehelper/core/utils.py?at=default#utils.py-60
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # A bot that joins channels and send the events is sees to elasticsearch. | |
| # in bulks ;) | |
| ''' | |
| curl -XPUT "http://localhost:9200/_template/abuh" -d ' { | |
| "template": "*@conference*", | |
| "settings": { | |
| "index.refresh_interval": "5s", | |
| "index.number_of_shards": 1, |
hillar
/ test_idiokit_unified2_reader.py
Last active
August 29, 2015 14:23
test unified2 reader, see idstools, idiokit, abusehelper
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| ! testing without XMPP server | |
| for real life use: | |
| from idstools import unified2 | |
| import idiokit | |
| from abusehelper.core import bot | |
| class Unified2Bot(bot.FeedBot): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ES6 | |
| /* | |
| moloch sessions.csv field names | |
| [ 'Protocol', | |
| ' First Packet', | |
| ' Last Packet', | |
| ' Source IP', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| digraph G { | |
| subgraph cluster_cap{ | |
| softflow; | |
| suricata; | |
| bro; | |
| moloch_cap; | |
| } | |
| {rank=same; softflow,suricata,bro,moloch_cap } |