For excessively paranoid client authentication.
Updated Apr 5 2019:
because this is a gist from 2011 that people still stumble into, and maybe you should use AES instead of 3DES in the year of our lord 2019.
some other notes:
As configured in my dotfiles.
start new:
tmux
start new with session name:
input { | |
stdin { | |
debug => true | |
type => default | |
add_field => [ "xml", "%{@message}" ] | |
} | |
} | |
filter { | |
xml { |
AUDIT type=%{WORD:audit_type} msg=audit\(%{NUMBER:audit_epoch}:%{NUMBER:audit_counter}\): user pid=%{NUMBER:audit_pid} uid=%{NUMBER:audit_uid} auid=%{NUMBER:audit_audid} subj=%{WORD:audit_subject} msg=%{GREEDYDATA:audit_message} | |
AUDITLOGIN type=%{WORD:audit_type} msg=audit\(%{NUMBER:audit_epoch}:%{NUMBER:audit_counter}\): login pid=%{NUMBER:audit_pid} uid=%{NUMBER:audit_uid} old auid=%{NUMBER:old_auid} new auid=%{NUMBER:new_auid} old ses=%{NUMBER:old_ses} new ses=%{NUMBER:new_ses} |
#!/usr/bin/env python | |
import sys | |
import subprocess | |
import re | |
import logging | |
import argparse | |
# https://github.com/wooster/biplist (pip install biplist) | |
import biplist |
brew install git bash-completion
Configure things:
git config --global user.name "Your Name"
git config --global user.email "you@example.com"
filter { | |
# strip the syslog PRI part and create facility and severity fields. | |
# the original syslog message is saved in field %{syslog_raw_message}. | |
# the extracted PRI is available in the %{syslog_pri} field. | |
# | |
# You get %{syslog_facility_code} and %{syslog_severity_code} fields. | |
# You also get %{syslog_facility} and %{syslog_severity} fields if the | |
# use_labels option is set True (the default) on syslog_pri filter. | |
grok { | |
type => "syslog-relay" |
username: vagrant | |
password: vagrant | |
# Refresh the package index before installing anything.
sudo apt-get update
# Build toolchain, zlib headers, git and sqlite (library + CLI).
DEV_PKGS="build-essential zlib1g-dev git-core sqlite3 libsqlite3-dev"
sudo apt-get install $DEV_PKGS
# MySQL server and client, then open the server config for hand editing.
sudo aptitude install mysql-server mysql-client
sudo nano /etc/mysql/my.cnf
################################################################## | |
# /etc/elasticsearch/elasticsearch.yml | |
# | |
# Base configuration for a write-heavy cluster | |
# | |
# Cluster / Node Basics | |
cluster.name: logng | |
# Nodes can have arbitrary attributes that we can use for routing |