
Jay Swan jayswan

View simple_syslog_count.py
from collections import Counter,defaultdict
import re
import sys
"""
Counterpart to this blog post:
http://unroutable.blogspot.com/2014/07/simple-python-syslog-counter.html
Summarize counts of typical Cisco syslog messages. Most syslog servers produce lines that look something like this:
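The counter that gist sketches, as an added example (not the gist's own code): it pulls the %FACILITY-SEVERITY-MNEMONIC header out of each line, counts message types overall and per host, and keeps a separate count of lines that carry no Cisco header so a change in the syslog server's output format is noticed rather than silently dropped. The sample lines and the "Mon DD HH:MM:SS host seq:" prefix in front of the Cisco header are constructed assumptions about the server format; the Cisco header format itself is the real one.

```python
"""Count Cisco syslog messages by %FACILITY-SEVERITY-MNEMONIC.

Added example, not the gist's code. SAMPLE_LINES are constructed; the
"<timestamp> <host> <seq>: ... %FAC-SEV-MNEMONIC: text" layout is an
assumption about the syslog server's format, the Cisco header is real.
"""
import re
import sys
from collections import Counter, defaultdict

SAMPLE_LINES = """\
Jul 10 12:00:01 rtr1 101: *Jul 10 12:00:01.123: %SEC-6-IPACCESSLOGP: list BLOCK denied tcp 10.0.0.5(4444) -> 10.1.1.1(22), 1 packet
Jul 10 12:00:02 rtr1 102: *Jul 10 12:00:02.001: %SEC-6-IPACCESSLOGP: list BLOCK denied tcp 10.0.0.5(4445) -> 10.1.1.1(23), 1 packet
Jul 10 12:00:05 sw2 55: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/7, changed state to down
Jul 10 12:00:06 sw2 56: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/7, changed state to down
Jul 10 12:00:09 rtr1 103: *Jul 10 12:00:09.442: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.9)
Jul 10 12:00:11 rtr1 104: this line carries no Cisco message header
"""

# "Mon DD HH:MM:SS host" prefix written by the syslog server (assumed format).
SYSLOG_PREFIX = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+(?P<host>\S+)")
# Cisco message header: facility and mnemonic are upper-case words, severity 0-7.
CISCO_MSG = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):")


def parse_line(line):
    """Return (host, facility, severity, mnemonic), or None when there is no Cisco header."""
    msg = CISCO_MSG.search(line)
    if msg is None:
        return None
    pre = SYSLOG_PREFIX.match(line)
    host = pre.group("host") if pre else "unknown"
    return host, msg.group("facility"), int(msg.group("severity")), msg.group("mnemonic")


def summarize(lines, max_severity=7):
    """Count messages with severity <= max_severity by type and by host.

    Returns (by_type, by_host, unparsed): by_type is a Counter keyed by
    "FACILITY-SEV-MNEMONIC", by_host maps host -> Counter, and unparsed is
    the number of non-empty lines without a Cisco header.
    """
    by_type = Counter()
    by_host = defaultdict(Counter)
    unparsed = 0
    for line in lines:
        line = line.rstrip("\n")
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            unparsed += 1
            continue
        host, facility, severity, mnemonic = parsed
        if severity > max_severity:
            continue
        key = "%s-%d-%s" % (facility, severity, mnemonic)
        by_type[key] += 1
        by_host[host][key] += 1
    return by_type, by_host, unparsed


def format_report(by_type, by_host, unparsed, top=10):
    """Render the counts as text, most frequent message types first."""
    out = ["%6d  %s" % (n, key) for key, n in by_type.most_common(top)]
    for host in sorted(by_host):
        out.append("%s:" % host)
        out.extend("  %6d  %s" % (n, key) for key, n in by_host[host].most_common(top))
    out.append("%6d  lines without a Cisco message header" % unparsed)
    return "\n".join(out)


if __name__ == "__main__":
    # Read a file named on the command line, or stdin.
    source = sys.stdin if len(sys.argv) < 2 else open(sys.argv[1])
    print(format_report(*summarize(source)))
```

Lowering max_severity is the quick way to see only the warnings and errors; the unparsed count is worth alerting on, since a jump in it usually means the collector changed its line format rather than that the devices went quiet.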
@jayswan
jayswan / uncipher.py
Created Feb 27, 2012
Python: reverse Cisco type 7 passwords with input from file or stdin
"""
Uncipher Cisco type 7 ciphered passwords
Usage: python uncipher.py <pass> where <pass> is the text of the type 7 password
Example:
$ python uncipher.py 094F4F1D1A0403
catcat
"""
import fileinput
import sys
@jayswan
jayswan / gist:a8d9920ef74516a02fe1
Last active Aug 26, 2020
Elasticsearch Python bulk index API example
>>> import itertools
>>> import string
>>> from elasticsearch import Elasticsearch,helpers
>>> es = Elasticsearch()
>>> # k is a generator expression that produces
... # a series of dictionaries containing test data.
... # The test data are just letter permutations
... # created with itertools.permutations.
... #
... # We then reference k as the iterator that's
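The same idea written out as an added example (not the gist's code): the letter permutations are produced by a generator so nothing is materialized before helpers.bulk chunks it, and the bulk call collects per-document failures instead of aborting on the first one. The index name, the field names, the chunk size and the error handling are assumptions; only the generator part runs without a cluster.

```python
"""Feed a generator of documents to the Elasticsearch bulk helper.

Added example, not the gist's code. Index name, field names, chunk size
and error handling are assumptions; the documents are the same letter
permutations the gist builds.
"""
import itertools
import string


def bulk_actions(index, letters=string.ascii_lowercase[:5], length=3):
    """Yield one bulk action per permutation of `letters` of the given length."""
    for n, perm in enumerate(itertools.permutations(letters, length)):
        word = "".join(perm)
        yield {
            "_index": index,   # target index; the _type field of older clients is gone
            "_id": n,          # explicit ids make a re-run overwrite instead of duplicate
            "_source": {"word": word, "first": word[0], "len": length},
        }


def count_actions(index, **kw):
    """Number of actions bulk_actions would emit, without keeping them in memory."""
    return sum(1 for _ in bulk_actions(index, **kw))


def load(es, index, **kw):
    """Stream the actions through helpers.bulk; returns (ok_count, errors).

    raise_on_error=False makes the helper return the rejected documents
    instead of raising on the first one, so a bad record does not stop
    the rest of the load.
    """
    from elasticsearch import helpers  # imported here so the generator works without the client
    return helpers.bulk(es, bulk_actions(index, **kw), chunk_size=500, raise_on_error=False)


if __name__ == "__main__":
    from elasticsearch import Elasticsearch
    ok, errors = load(Elasticsearch(), "perm-test")
    print("indexed %d documents, %d errors" % (ok, len(errors)))
```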
@jayswan
jayswan / hn.bro
Last active Feb 17, 2020
track hostnames with Bro
type Idx: record {
hostname: string;
};
export {
redef enum Notice::Type += {
DNS_ENTRY::Tracked_Hostname
};
}
@jayswan
jayswan / cidrs.sh
Created Jul 26, 2016
Scripts to retrieve CIDR blocks for various services
# Fastly
curl -s https://api.fastly.com/public-ip-list | jq -r '.addresses | .[]'
# Google
dig @8.8.8.8 +short txt _netblocks.google.com | awk '{gsub("ip4:","");for (col=2; col<NF;++col) print $col}'
# AWS
curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | \
jq --raw-output '.prefixes | map(.ip_prefix) | .[]'
@jayswan
jayswan / googips.sh
Created Feb 25, 2016
Get a List of Google CIDR Blocks
dig @8.8.8.8 +short txt _netblocks.google.com | awk '{gsub("ip4:","");for (col=2; col<NF;++col) print $col}'
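What you usually want next, once cidrs.sh and googips.sh have fetched the blocks, is a single table you can ask "which provider owns this address?" The added example below (not the gists' code) parses the three feed formats the shell lines above retrieve, merges them into one list of networks, and classifies addresses against it, most specific prefix first. The feed payloads here are constructed stand-ins so it runs offline; the JSON key names match the real feeds, the prefixes themselves do not. Unlike the awk in googips.sh, which only strips the ip4: label, the SPF parser also takes ip6: mechanisms and reports include: mechanisms it would need more lookups to follow.

```python
"""Merge provider CIDR feeds into one lookup table and classify addresses.

Added example, not the gists' code. FASTLY_JSON, GOOGLE_SPF and AWS_JSON are
constructed samples in the shape of the feeds cidrs.sh fetches (real key
names, made-up prefixes). Fetching is left to the shell lines above.
"""
import ipaddress
import json

FASTLY_JSON = '{"addresses": ["23.235.32.0/20", "43.249.72.0/22"]}'
GOOGLE_SPF = '"v=spf1 ip4:35.190.247.0/24 ip4:64.233.160.0/19 ip6:2001:4860:4000::/36 ~all"'
AWS_JSON = json.dumps({
    "prefixes": [
        {"ip_prefix": "52.95.110.0/24", "region": "eu-west-1", "service": "AMAZON"},
        {"ip_prefix": "52.95.110.0/24", "region": "eu-west-1", "service": "EC2"},
        {"ip_prefix": "3.5.140.0/22", "region": "ap-northeast-2", "service": "S3"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2600:1f14::/35", "region": "us-west-2", "service": "AMAZON"},
    ],
})


def parse_fastly(text):
    """Networks from Fastly's public-ip-list JSON ("addresses" array)."""
    return [ipaddress.ip_network(a) for a in json.loads(text)["addresses"]]


def parse_spf(text):
    """(networks, includes) from one SPF TXT record.

    ip4:/ip6: mechanisms become networks; include: targets are returned so
    the caller can resolve them, since that needs further DNS queries.
    """
    nets, includes = [], []
    for token in text.strip().strip('"').split():
        if token.startswith(("ip4:", "ip6:")):
            nets.append(ipaddress.ip_network(token[4:], strict=False))
        elif token.startswith("include:"):
            includes.append(token[len("include:"):])
    return nets, includes


def parse_aws(text, services=None):
    """(network, service, region) triples from ip-ranges.json, optionally filtered by service."""
    data = json.loads(text)
    rows = [(p["ip_prefix"], p) for p in data["prefixes"]]
    rows += [(p["ipv6_prefix"], p) for p in data.get("ipv6_prefixes", [])]
    return [(ipaddress.ip_network(cidr), p["service"], p["region"])
            for cidr, p in rows if services is None or p["service"] in services]


def build_table():
    """One list of (provider, network, detail) across all three feeds."""
    table = [("fastly", n, "") for n in parse_fastly(FASTLY_JSON)]
    table += [("google", n, "") for n in parse_spf(GOOGLE_SPF)[0]]
    table += [("aws", n, "%s/%s" % (svc, region)) for n, svc, region in parse_aws(AWS_JSON)]
    return table


def classify(ip, table):
    """All table entries whose network contains ip, most specific prefix first."""
    addr = ipaddress.ip_address(ip)
    hits = [(prov, net, detail) for prov, net, detail in table
            if net.version == addr.version and addr in net]
    return sorted(hits, key=lambda h: -h[1].prefixlen)


if __name__ == "__main__":
    import sys
    table = build_table()
    for ip in sys.argv[1:] or ["52.95.110.7", "2001:4860:4000::1", "192.0.2.1"]:
        print(ip, [(p, str(n), d) for p, n, d in classify(ip, table)] or "no match")
```

Note that the AWS feed lists the same prefix under several services (AMAZON plus the specific service), so classify returns every match rather than the first; when you only care about one service, pass services={"S3"} to parse_aws.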
@jayswan
jayswan / splunk-elk.md
Created Jun 7, 2018
Splunk/ELK Comparison

Splunk vs ELK is complicated, depending on what you want to optimize. Probably the biggest issue is the ecosystem around post-search data manipulation.

Places where ES shines

ES is amazing at searching for tokens and returning documents. The aggregations are also superb -- actually much faster than Splunk under most conditions. Plugins can extend that functionality. Stuff like fuzzy search, regex queries, indexed terms lookups, significant terms aggregations, and nested aggregations can be extremely powerful if you know how to use them well.

Trouble areas

ES has a reputation for stability problems. These are mostly solvable by running an appropriately sized cluster with new versions and proper circuit breaker settings. Much of the FUD I've seen about this is incorrect, but the biggest problem remains that you can't kill a misbehaving query or constrain its resource use after it has started; if your circuit breakers aren't working correctly then you're out of luck.

Chaining data processing

U

View bh.py
from __future__ import print_function
import os
import sys
from netmiko import ConnectHandler
target_mac = os.environ['TARGET_MAC']
router_ip = os.environ['ROUTER_IP']
router_user = os.environ['ROUTER_USER']
password = os.environ['ROUTER_PW']
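bh.py takes the target MAC, router address and credentials from environment variables and hands them to netmiko. Anything that ends up inside a command sent to a device CLI deserves a check first, so the added example below (not the gist's code) normalizes the MAC to Cisco dotted form and validates the router address before either is used; a value such as "0011.22aa.bbcc vlan 1", or one carrying an embedded newline, is rejected rather than passed through as extra command tokens. The settings dictionary and function names are assumptions; the ConnectHandler call itself is left out.

```python
"""Validate the environment input bh.py reads before it reaches a device CLI.

Added example, not the gist's code. REQUIRED lists the variables bh.py uses;
the returned settings dictionary and the function names are assumptions.
"""
import ipaddress
import os
import re

REQUIRED = ("TARGET_MAC", "ROUTER_IP", "ROUTER_USER", "ROUTER_PW")


def normalize_mac(value):
    """Return the MAC in Cisco dotted form (0011.22aa.bbcc) or raise ValueError.

    Accepts 00:11:22:aa:bb:cc, 00-11-22-aa-bb-cc, 0011.22aa.bbcc and bare
    001122aabbcc. Anything that is not exactly 12 hex digits once those
    separators are removed is rejected, which covers extra words, embedded
    whitespace and newlines.
    """
    raw = re.sub(r"[:.\-]", "", value.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", raw):
        raise ValueError("not a MAC address: %r" % value)
    return "%s.%s.%s" % (raw[0:4], raw[4:8], raw[8:12])


def load_settings(environ=os.environ):
    """Read and validate the variables bh.py uses; fail early on missing or bad ones."""
    missing = [k for k in REQUIRED if not environ.get(k)]
    if missing:
        raise KeyError("missing environment variables: %s" % ", ".join(missing))
    return {
        "target_mac": normalize_mac(environ["TARGET_MAC"]),
        # ip_address() raises ValueError on anything that is not a bare address.
        "router_ip": str(ipaddress.ip_address(environ["ROUTER_IP"].strip())),
        "router_user": environ["ROUTER_USER"],
        "password": environ["ROUTER_PW"],
    }


if __name__ == "__main__":
    settings = load_settings()
    print({k: v for k, v in settings.items() if k != "password"})
```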
@jayswan
jayswan / uncipher.py
Created Feb 29, 2012
Python: reverse Cisco type 7 passwords with input from argument
"""
Uncipher Cisco type 7 ciphered passwords
Usage: python uncipher.py <pass> where <pass> is the text of the type 7 password
Example:
$ python uncipher.py 094F4F1D1A0403
catcat
"""
import sys
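Both uncipher.py gists above stop at the docstring in this listing, so here is the type 7 reversal written out as an added example covering both (argument input and file/stdin input); it is not the gists' code. The first two characters of a type 7 string are a decimal offset into a fixed key, and each following hex pair is one password byte XORed with the next key byte, so decoding is a single pass; the encode direction is included to show the round trip. The key constant is the well-known one IOS uses; the behaviour on strings long enough to wrap past the end of the key is an assumption.

```python
"""Reverse (and re-create) Cisco type 7 passwords.

Added example covering both uncipher.py gists, not their code. XLAT is the
fixed key IOS uses for type 7; the key wrap-around for long inputs is an
assumption.
"""
import fileinput
import sys

XLAT = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def decrypt_type7(cipher):
    """Return the plaintext for a type 7 string such as 094F4F1D1A0403."""
    cipher = cipher.strip()
    if len(cipher) < 4 or len(cipher) % 2:
        raise ValueError("type 7 strings are an even number of hex digits, at least 4: %r" % cipher)
    if not cipher[:2].isdigit():
        raise ValueError("type 7 strings start with a two-digit decimal offset: %r" % cipher)
    offset = int(cipher[:2])
    if offset >= len(XLAT):
        raise ValueError("offset %d is outside the key" % offset)
    try:
        body = bytes.fromhex(cipher[2:])
    except ValueError:
        raise ValueError("not hex: %r" % cipher[2:])
    # XOR each byte with the key byte at offset + position.
    return "".join(chr(b ^ ord(XLAT[(offset + i) % len(XLAT)])) for i, b in enumerate(body))


def encrypt_type7(plain, offset=9):
    """Produce the type 7 string for plain, starting at the given key offset."""
    if not 0 <= offset <= 15:
        raise ValueError("IOS uses offsets 00-15")
    data = plain.encode("ascii")
    body = bytes(b ^ ord(XLAT[(offset + i) % len(XLAT)]) for i, b in enumerate(data))
    return "%02d%s" % (offset, body.hex().upper())


def main(argv):
    args = argv[1:]
    # A single hex-looking argument is decoded directly (the second gist);
    # otherwise one string per line is read from the named files or stdin
    # (the first gist).
    if len(args) == 1 and all(c in "0123456789abcdefABCDEF" for c in args[0]):
        print(decrypt_type7(args[0]))
        return
    for line in fileinput.input(args):
        if line.strip():
            print(decrypt_type7(line))


if __name__ == "__main__":
    main(sys.argv)
```

The practical point: type 7 is reversible obfuscation, not encryption, so any `password 7` or `key 7` line in a config is cleartext to whoever reads the config. Treat such lines as a finding and prefer `secret` with a hashed type (8 or 9 on platforms that support them).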
View gist:b1998ac7226c08a18cb8
syntax enable
set ruler
set nobackup
set nocompatible
set encoding=utf-8
set showcmd
set number
set background=dark
"" Indentation