I hereby claim:
- I am jalogisch on github.
- I am jalogisch (https://keybase.io/jalogisch) on keybase.
- I have a public key whose fingerprint is A19B F39B 7474 7846 4184 AAFC 70C7 FC35 A4E8 36F8
To claim this, I am signing this object:
import org.graylog2.plugin.Message | |
import java.util.regex.Matcher | |
import java.util.regex.Pattern | |
rule "Rename level field to avoid ES type collision" | |
when | |
m : Message( message matches ".*level=.*" ); | |
then | |
Matcher matcher = Pattern.compile("level=(\\w+)(\\s|$)").matcher(m.getMessage()); | |
if (matcher.find()) { | |
String x = matcher.group(1); |
{ | |
"extractors": [ | |
{ | |
"title": "1_extract_json_message", | |
"extractor_type": "json", | |
"converters": [], | |
"order": 0, | |
"cursor_strategy": "copy", | |
"source_field": "full_message", | |
"target_field": "", |
# Reverse-proxy server block for graylog.example.org (excerpt: the server and
# location blocks both continue beyond the lines shown here).
server
{
    # Only plain-HTTP listeners are visible in this excerpt.
    # NOTE(review): if /api/ carries logins or session tokens, confirm that TLS
    # is terminated in front of this server or add an ssl listener.
    # default_server: this block also answers requests on port 80 whose Host
    # header matches no configured server_name.
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name graylog.example.org;
    location /api/
    {
        # $http_host is the Host header exactly as the client sent it. Combined
        # with default_server above, a client-chosen value is forwarded upstream.
        # NOTE(review): use a fixed or validated host name if the backend builds
        # URLs or redirects from this header.
        proxy_set_header Host $http_host;
        # $host is nginx's own host value for the request (request line, then
        # Host header, then the matching server_name), lowercased, without port.
        proxy_set_header X-Forwarded-Host $host;
<?PHP
// Setup lines of a script (excerpt): loads a Markdown library, opens a MySQL
// connection, selects the 'tylerio' database and lists the 'posts' directory.
require '/path/to/markdown-extra.php';
// NOTE(review): connects as the MySQL root account with the password written
// in the source file; a dedicated least-privilege account with credentials
// kept outside the code is the safer arrangement.
// The mysql_* extension was deprecated in PHP 5.5 and removed in PHP 7.0
// (mysqli or PDO replace it).
// die(mysql_error()) prints the raw database error text to the output.
$db = mysql_connect('localhost', 'root', 'password') or die(mysql_error());
mysql_select_db('tylerio', $db) or die(mysql_error());
$files = scandir('posts');
// Drops the first two entries on the assumption that they are "." and "..".
// scandir() sorts alphabetically, so a file name that sorts before "." would
// come first and be dropped instead; filtering by name avoids that.
array_shift($files); // .
array_shift($files); // ..
// Splits the message text of "Ghost" log entries into separate fields using
// the COMBINEDAPACHELOG grok pattern.
rule "extract_ghost_blog_from_systemd_log"
when
    // Run only for messages that have a programname field equal to "Ghost".
    has_field("programname") AND to_string($message.programname) == "Ghost"
then
    let message_field = to_string($message.message);
    // Match the message text against the combined Apache access-log pattern.
    let action = grok(pattern: "%{COMBINEDAPACHELOG}", value: message_field);
    // Copy every captured key/value pair onto the message.
    // NOTE(review): captures are written under their own names, so a capture
    // that shares a name with an existing field replaces it (the stock pattern
    // is commonly defined with a `timestamp` capture; confirm). The values are
    // presumably taken from HTTP request data, i.e. client-controlled. grok's
    // only_named_captures argument and set_fields' prefix argument can limit
    // what gets written and where.
    set_fields(action);
end
# TCP load balancer for syslog: accepts connections on port 514 and spreads
# them over three Graylog nodes listening on port 51400.
listen syslog_tcp_514
    # Binds on every local address. Port 514 is below 1024, so binding it
    # normally needs root or an equivalent capability at start-up.
    # NOTE(review): no ssl or ACL is visible in this section, so any host that
    # can reach the port can submit log lines in clear text; restrict by
    # firewall or add TLS if the network is not trusted.
    bind *:514
    # Layer-4 pass-through; payloads are not inspected.
    # NOTE(review): the backends will presumably see the proxy's address as the
    # connection source, not the original sender's; confirm how source IPs are
    # recorded on the Graylog side.
    mode tcp
    # Connections idle for 120 s in either direction are closed, so senders
    # holding long-lived syslog sessions must be able to reconnect.
    timeout client 120s
    timeout server 120s
    # Defaults for the server lines below: health check every 2 s (every 5 s
    # while down), up after 3 passed checks, down after 2 failed ones, at most
    # 64 connections and 128 queued per server, equal weight.
    default-server inter 2s downinter 5s rise 3 fall 2 maxconn 64 maxqueue 128 weight 100
    # "check" enables the health checks configured above.
    server graylog1 192.168.55.201:51400 check
    server graylog2 192.168.55.202:51400 check
    server graylog3 192.168.55.203:51400 check
I hereby claim:
To claim this, I am signing this object:
// Replaces the message text of dnsmasq log entries with the part that follows
// the prefix.
rule "dnsmasq clean message"
when
    // Run only for messages whose programname field contains "dnsmasq".
    has_field("programname") AND contains(to_string($message.programname), "dnsmasq")
then
    // The leading ".+" is greedy, so the capture starts after the LAST ": " in
    // the text; everything before it is treated as prefix.
    let m = regex("^.+: (.+)$", to_string($message.message));
    // Index "0" is presumably the first capture group; confirm against the
    // regex() documentation.
    // NOTE(review): the result is used without testing m.matches, so a message
    // without ": " yields no capture here; confirm what set_field does with an
    // empty value, or move the regex test into the when clause.
    let clean_message = m["0"];
    // Set a better message field without the prefix clutter.
    set_field("message", clean_message);
end
{ | |
"name": "PiHOLE", | |
"description": "Creates Information Dashboard from pihole with enriched data ( https://gist.github.com/jalogisch/922b7a3438c5c6f5b9d02557d33ab2eb )", | |
"category": "DNS Intel", | |
"inputs": [], | |
"streams": [], | |
"outputs": [], | |
"dashboards": [ | |
{ | |
"title": "DNS Intel", |
// Gists are a handy place to keep code you want to find again later.
const globalScope = window; // the browser's global "window" object
console.log(globalScope); // print it to the developer console