jehuty0shift
jehuty0shift
/ filter.logstash
Last active
January 26, 2023 01:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if [event][module] == "apache" { | |
| if [fileset][name] == "access" { | |
| grok { | |
| match => { "message" => [ | |
| "%{IPORHOST:[source][address]} - %{DATA:[user][name]} \[%{HTTPDATE:[apache][access][time]}\] \"(?:%{WORD:[http][request][method]} %{DATA:[url][original]} HTTP/%{NUMBER:[http][version]:float}|-)?\" %{NUMBER:[http][response][status_code]:int} (?:%{NUMBER:[http][response][body][bytes]:int}|-)( \"%{DATA:[http][request][referrer]}\")?( \"%{DATA:[user_agent][original]}\")?", | |
| "%{IPORHOST:[source][address]} - %{DATA:[user][name]} \[%{HTTPDATE:[apache][access][time]}\] \"-\" %{NUMBER:[http][response][status_code]:int} -", | |
| "\[%{HTTPDATE:[apache][access][time]}\] %{IPORHOST:[source][address]} %{DATA:[apache][access][ssl][protocol]} %{DATA:[apache][access][ssl][cipher]} \"%{WORD:[http][request][method]} %{DATA:[url][original]} HTTP/%{NUMBER:[http][version]:float}\" %{NUMBER:[http][response][body][bytes]:int}"] | |
| } | |
| remove_field => [ "message" ] | |
| add_field => { "[event][created]" => "%{@timestamp}" } |
jehuty0shift
/ mapping.json
Created
September 10, 2019 16:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "_meta": { | |
| "beat": "metricbeat", | |
| "version": "7.3.1" | |
| }, | |
| "dynamic_templates": [ | |
| { | |
| "labels": { | |
| "path_match": "labels.*", | |
| "mapping": { |
jehuty0shift
/ HAProxyLogFormat.txt
Last active
January 14, 2022 23:28
HA Proxy log format Description (taken from http://www.haproxy.org/download/1.6/doc/configuration.txt)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 8.2.2. TCP log format | |
| --------------------- | |
| The TCP format is used when "option tcplog" is specified in the frontend, and | |
| is the recommended format for pure TCP proxies. It provides a lot of precious | |
| information for troubleshooting. Since this format includes timers and byte | |
| counts, the log is normally emitted at the end of the session. It can be | |
| emitted earlier if "option logasap" is specified, which makes sense in most | |
| environments with long sessions such as remote terminals. Sessions which match | |
| the "monitor" rules are never logged. It is also possible not to emit logs for |
jehuty0shift
/ mongo-profiling.log
Last active
September 9, 2016 16:04
Mongo DB Graylog Profiling #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "op" : "query", | |
| "ns" : "graylog2.streamrules", | |
| "query" : { | |
| "find" : "streamrules", | |
| "filter" : { | |
| "_id" : ObjectId("57a0b43a58c60d0001945495") | |
| }, | |
| "limit" : 1, | |
| "singleBatch" : true, |