JP. Clipffel jpclipffel

  • Switzerland
jpclipffel / delete_stale_pvc.sh
Last active February 4, 2021 15:31
Delete stale PVC
# List every PVC name in the current namespace (skip the header row),
# clear its finalizers so deletion cannot hang, then delete it.
for pvc in $(kubectl get pvc | tail -n+2 | awk '{print $1}'); do
    kubectl patch pvc "${pvc}" -p '{"metadata":{"finalizers": []}}' --type=merge
    kubectl delete pvc "${pvc}"
done
jpclipffel / appstore.py
Created August 21, 2020 11:25
A simple App Store scraper example
import sys
import requests
from lxml import etree
def get_app_info(app_id, app_name, country='lu', lang='fr-fr'):
'''Fetches an application page and returns a set of contextual information.
:param str app_id: Application ID
:param str app_name: Application name
jpclipffel / Ansible - Helm management.md
Created July 21, 2020 09:21
Manage Helm with Ansible

Ansible - Helm management

Get releases list

- name: Get all Helm releases
  shell: >
    helm list -o yaml
  register: _helm_releases

ELK - Remote clusters example

How to set up an Elasticsearch remote clusters lab.

Docker compose

Notes:

  • Adapt the volumes definition
  • Run with docker-compose up
jpclipffel / README.md
Created November 19, 2019 12:44
Python and Brew on MacOS Catalina

Python and Brew on MacOS Catalina

Installation

  • Install Brew's OpenSSL: brew install openssl
  • Install Brew's Python3: brew install python3

Configure

Add the following configuration to a ~/.bashrc or ~/.zshrc:

Python - Multiprocessing managers with class

Demonstrate how to create a multiprocessing's manager server exposing a class.

Proxies

from multiprocessing.managers import BaseProxy


class GeneratorProxy(BaseProxy):
    """Manager's proxy for generators.
jpclipffel / Splunk - Office365 parsing.md
Created March 11, 2019 08:09
Splunk - Office365 parsing

Splunk - Office365 parsing

How to re-parse Office365 logs collected from the application splunk_ta_o365.

Context

The add-on splunk_ta_o365 may sometimes produce multi-line JSON events (i.e. an event containing several JSON objects separated by a newline). The following modification changes the line breaker configuration.

Edit the line breaker configuration

Edit the file $SPLUNK_HOME/etc/apps/splunk_ta_o365/local/props.conf (create it if it doesn't exist) and add the following lines:

Splunk - Swift SAA JSON logs

How to ingest Swift SAA (Swift Alliance Access) logs in Splunk

SAA configuration

The SAA must be configured to:

  • forward its logs through syslog
  • use the JSON (not formatted) format

Splunk - Data input routing

How to map logs received from multiple hosts on the same local port to the correct sourcetype and index.

Scenario

The Splunk data input UDP:514 receives events from the following devices:

  • 10.0.0.1: A Netfilter firewall
  • 10.0.0.2: A Squid proxy instance (1/2)
  • 10.0.0.3: A Squid proxy instance (2/2)

We want to separate logs coming from the Firewall (10.0.0.1) and the Proxies (10.0.0.2 and 10.0.0.3):

jpclipffel / Elasticsearch - Aggregations and buckets filtering.md
Last active November 3, 2018 08:47
Elasticsearch - Aggregations and buckets filtering

Elasticsearch - Aggregations and buckets filtering

How to aggregate search results over specific fields (Buckets Aggregations), calculate their properties (Metrics Aggregation) and filter buckets on their properties (Pipeline Aggregation).

Scenario

This is the search scenario (what we would like to catch):

Find out a potential web sweep (an attacker looking for listening HTTP servers in the network). If a single IP tries to connect to too many hosts on the same port, it may indicate suspicious activity.

Initial search

Search for all documents with a dest_port field matching the value 80 over the past 3 days.