Harisfazillah Jamel linuxmalaysia

Keybase proof

I hereby claim:

  • I am linuxmalaysia on github.
  • I am linuxmalaysia (https://keybase.io/linuxmalaysia) on keybase.
  • I have a public key whose fingerprint is D10A 7BC3 6E37 4688 3025 F23A E674 713A 5CA7 60C8

To claim this, I am signing this object:

Make sure these boxes are checked before submitting/approving the PR

General

  • The code works
  • The code is easy to understand
  • Follows coding conventions
  • Names are simple and if possible short
  • Names are spelt correctly
  • Names contain units where applicable
  • There are no usages of magic numbers
input {
  file {
    path => "/data/ujian/fortigate*.txt"
    start_position => beginning
    sincedb_path => "/dev/null"
    type => "fortigate"
  }
}
filter {
Config for Listbot
Example taken from
https://github.com/dtag-dev-sec/listbot
1) Git clone it into /etc/logstash
@linuxmalaysia
linuxmalaysia / logstash-syslog.conf
Last active March 18, 2019 13:32
Logstash Conf Filter For Syslog Input
## https://github.com/minyk/morphline-mr/wiki/DictionariesOfGrok
## https://serverfault.com/questions/735230/why-cant-the-logstash-syslog-pri-filter-see-the-priority-in-syslog-messages
filter {
  if "syslog" in [tags] {
    grok {
      match => {
        "message" => [ "%{SYSLOG5424PRI}%{SYSLOGBASE2}", "%{SYSLOGBASE2}", "%{SYSLOGPAMSESSION}", "%{CRONLOG}", "%{SYSLOGLINE}" ]
      }
      tag_on_failure => [ "failedPattern_syslog" ]
@linuxmalaysia
linuxmalaysia / logstash-grok-uri.txt
Last active March 18, 2019 15:02
Logstash grok URI patterns: find a URL or URI in field data.
# %{URI:uri}
#
# %{URIPROTO:uriproto}://(?:%{USER:user}(?::[^@]*)?@)?(?:%{URIHOST:urihost})?(?:%{URIPATHPARAM:uripathparam})?
#
# %{EMAILLOCALPART:emaillocalpart}@%{HOSTNAME:emailhostname}
#
# %{EMAILADDRESS:emailaddress}
### URI / URL
@linuxmalaysia
linuxmalaysia / rsyslog-logstash.conf
Created March 25, 2019 01:54
Config for rsyslog, placed in /etc/rsyslog.d (or in rsyslog.conf) and named rsyslog-logstash.conf
# Setup disk assisted queues
# Disable rate limiting
$SystemLogRateLimitInterval 0
$SystemLogRateLimitBurst 0
$WorkDirectory /var/spool/rsyslog # where to place spool files
$ActionQueueFileName fwdRule21 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 10g # 10gb space limit (use as much as possible)
@linuxmalaysia
linuxmalaysia / logstash-bind9.txt
Created March 25, 2019 23:31
Logstash Grok Pattern for Bind9 input using Filebeat
### Logstash Grok Pattern for Bind9 input using Filebeat
%{BIND9_TIMESTAMP:timestamp}%{SPACE}%{LOGLEVEL:loglevel}:%{SPACE}client%{SPACE}%{IP:clientip}#%{POSINT:clientport}%{SPACE}\(%{DATA:query}\):%{SPACE}view%{SPACE}internal:%{SPACE}query:%{SPACE}%{DATA:query2} %{DATA:queryclass} %{DATA:querytype} %{DATA:queryflag} \(%{IP:dnsip}\)
####
grok {
  match => {
    "message" => [ "%{BIND9_TIMESTAMP:timestamp}%{SPACE}%{LOGLEVEL:loglevel}:%{SPACE}client%{SPACE}%{IP:clientip}#%{POSINT:clientport}%{SPACE}\(%{DATA:query}\):%{SPACE}view%{SPACE}internal:%{SPACE}query:%{SPACE}%{DATA:query2} %{DATA:queryclass} %{DATA:querytype} %{DATA:queryflag} \(%{IP:dnsip}\)" ]
  }
@linuxmalaysia
linuxmalaysia / convert-to-yaml-logstash.sh
Last active March 29, 2019 12:12
Blacklists from Steven Black and others, converted to YAML for use with the Logstash translate filter; the looked-up field must contain a URI / URL
#!/bin/sh
# origin https://gist.github.com/erlepereira/c11f4f7a3f60cd2071e79018e895fc8a
# logstash yaml "www.google.com": "known search engine"
# Choose from here https://github.com/StevenBlack/hosts
#HOSTS_RAW=https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
##### https://raw.githubusercontent.com/StevenBlack/hosts/master/data/malwaredomainlist.com/hosts
### the first file must use > and the others must use >> when piping into the output
##### first file