Jan Doberstein jalogisch

jalogisch / run.bash
Created Aug 31, 2018
The `tmp.json` contains the access rights that are needed to create tokens, and the `run.bash` shows how to add this via the Graylog API and assign a user to this role.
View run.bash
http -a admin POST https://nuci3.local.lan/graylog/api/roles < tmp.json
http: password for admin@nuci3.local.lan:
HTTP/1.1 201 Created
Connection: keep-alive
Content-Length: 206
Content-Type: application/json
Date: Tue, 15 May 2018 13:30:08 GMT
Location: http://10.10.10.100:9000/graylog/api/roles/User%20Token%20Mangement
Server: nginx/1.12.2
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
jalogisch / URLConnectionReader.java
Last active Aug 17, 2018
This little tool will help you to test if your Graylog server is able to reach the Graylog License API - the parameters of the trustStore and the proxy might be added and modified to fit your local needs.
View URLConnectionReader.java
// Based on java example: http://docs.oracle.com/javase/tutorial/networking/urls/readingWriting.html
// save as: URLConnectionReader.java
// compile using JDK: javac URLConnectionReader.java
// run: java -Djavax.net.ssl.trustStore=/path/to/cacerts.jks -Dhttp.proxyHost=10.0.0.100 -Dhttp.proxyPort=8800 URLConnectionReader
// if additional debugging is needed add -Djavax.net.debug=all to the above
// good path: returns HTML
// bad path: throws an exception
import java.net.*;
import java.io.*;
View gist:468c810d5a6f7066de264c8a0d24e7ed
Elasticsearch HTTPS:
- X-Pack (Elastic, paid)
- Search Guard (OSS & Pay Plan) https://github.com/floragunncom/search-guard
- NGINX Proxy ( https://www.elastic.co/blog/playing-http-tricks-nginx )
MongoDB TLS:
- https://docs.mongodb.com/manual/tutorial/configure-ssl/
- Certificate based authentication is tricky but can be done
Graylog TLS:
View 10-cisco-elasticsearch.conf
#
# INPUT - Logstash listens on port 8514 for these logs.
#
input {
  udp {
    port => "8514"
    type => "syslog-cisco"
  }
jalogisch / README.md
Created Jan 19, 2018 — forked from tboeghk/README.md
Deployments, Services and Ingresses to run a recent Graylog2 on Kubernetes in #yolo mode without any persistence.
View README.md

These Kubernetes resources deploy a recent Graylog2 cluster on Kubernetes in #yolo mode without any persistence – The ideal way to quickly run, inspect and adapt a Graylog cluster in Kubernetes. The Deployment will install:

  • Graylog 2.4.0
  • Elasticsearch 5.6.3
  • Kibana 5.6.3

Deploy Graylog

View graylog2-docker-compose.yml
version: '2'
networks:
  graylog.net:
volumes:
  graylog.data.elastic:
    driver: "local"
  graylog.data.mongo:
    driver: "local"
jalogisch / ca.md
Created Sep 4, 2017 — forked from soarez/ca.md
How to setup your own CA with OpenSSL
View ca.md

How to setup your own CA with OpenSSL

For educational reasons I've decided to create my own CA. Here is what I learned.

First things first

Let's get some context first.

jalogisch / nginx_graylog.conf
Last active Aug 23, 2017
Graylog behind NGINX Proxy in a sub-directory
View nginx_graylog.conf
# Graylog in Subdirectory
#
# server.conf settings:
# rest_listen_uri = http://192.168.10.11:9000/serveurgraylog/api/
# web_listen_uri = http://192.168.10.11:9000/serveurgraylog/
#
server {
    listen 80;
    server_name g1422.lan;
jalogisch / 0_reuse_code.js
Created Feb 7, 2017
Here are some things you can do with Gists in GistBox.
View 0_reuse_code.js
// Use Gists to store code you would like to remember later on
console.log(window); // log the "window" object to the console
View dns_masq_content_pack.json
{
  "name": "PiHOLE",
  "description": "Creates Information Dashboard from pihole with enriched data ( https://gist.github.com/jalogisch/922b7a3438c5c6f5b9d02557d33ab2eb )",
  "category": "DNS Intel",
  "inputs": [],
  "streams": [],
  "outputs": [],
  "dashboards": [
    {
      "title": "DNS Intel",