mrlesmithjr / Apache_Dashboard
Last active Aug 29, 2015
Logstash Apache Dashboard
{
"title": "Apache",
"services": {
"query": {
"list": {
"0": {
"id": 0,
"color": "#7EB26D",
"alias": "Exclude from Top Page Requests",
"pin": false,
View gist:598f193aeb7b48889fbd
# Tail every nginx access log in the directory and tag the resulting events "nginx".
input {
file {
# Glob: any file under /var/log/nginx whose name ends in "access.log".
path => "/var/log/nginx/*access.log"
type => "nginx"
# Read-position bookkeeping for this input (the Logstash user needs write
# access to /var/log). NOTE(review): give each file input its own sincedb
# path so two inputs never overwrite each other's offsets.
sincedb_path => "/var/log/.sincedb"
}
}
input {
udp {
type => "syslog"
View Juniper_logstash
# Mark events coming from the Juniper device by source address.
# NOTE(review): on a string field Logstash's `in` is a substring test, so
# "10.0.101.1" would also match e.g. 10.0.101.10 or 10.0.101.11 — if
# [msgsource_ip] is a plain string, `==` gives the exact match; confirm the field type.
if "10.0.101.1" in [msgsource_ip] {
mutate {
# Both a field and a tag are set; later conditionals key off the "JUNIPER" tag.
add_field => [ "devtype", "JUNIPER" ]
add_tag => "JUNIPER"
}
}
if [message] =~ "RT_FLOW_SESSION_CREATE" {
if "JUNIPER" in [tags] {
mutate {
add_tag => "FLOWCREATE"
View gist:d350f1a584fba2f564f2
______________________REPLACE BELOW in /etc/logstash.conf__________________
filter {
if [type] == "iis" {
if [message] =~ "^#" {
drop {}
}
grok {
break_on_match => false
match => [
"message", "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP} %{WORD:servername} %{TIMESTAMP_ISO8601} %{IP:hostip} %{WORD:method} %{URIPATH:request} (?:%{NOTSPACE:query}|-) %{NUMBER:port} (?:%{NOTSPACE:param}|-) %{IPORHOST:clientip} %{NOTSPACE:agent} %{NUMBER:response} %{NUMBER:subresponse} %{NUMBER:bytes} %{NUMBER:time-taken}",
View gist:26a72e081aa00c2c2c6c
using this nxlog.conf https://gist.github.com/mrlesmithjr/cf212836b9ce162373ed
using this logstash.conf https://gist.github.com/mrlesmithjr/72e99caf36fcc2b5d323
My IIS logs being sent from nxlog to logstash are being merged, so that multiple IIS log entries end up in one event. Thoughts?
{
"_index": "logstash-2014.06.18",
"_type": "iis",
View gist:f4ec9add900ebd5f6d39
# nginx access log, tagged "nginx-access"; the error log is a separate input below.
input {
file {
path => "/var/log/nginx/access.log"
type => "nginx-access"
# Dedicated sincedb for this input so its read offset is not shared with the
# error-log input (the Logstash user needs write access to /var/log).
sincedb_path => "/var/log/.nginxaccesssincedb"
}
}
input {
file {
path => "/var/log/nginx/error.log"
View gist:e1f279fb3d5462d4ea8d
# nginx access log, tagged "nginx-access"; the error log is a separate input below.
input {
file {
path => "/var/log/nginx/access.log"
type => "nginx-access"
# Dedicated sincedb for this input so its read offset is not shared with the
# error-log input (the Logstash user needs write access to /var/log).
sincedb_path => "/var/log/.nginxaccesssincedb"
}
}
input {
file {
path => "/var/log/nginx/error.log"
View gist:5418614c89ae8c96da0f
# Add src_ip if not already found
filter {
if [type] == "syslog" {
if [src_ip] == "" {
mutate {
add_field => [ "src_ip", "%{syslog_hostname}" ]
}
dns {
resolve => [ "src_ip" ]
action => "replace"
View gist:d7452758846a97169a54
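#!/bin/sh
# Elasticsearch index housekeeping: run curator retention actions and ship
# their combined stdout/stderr to the logstash TCP input on port 28778.
# NOTE(review): written against the legacy curator CLI used here
# (delete/close/bloom/optimize --older-than N); confirm the installed version
# still accepts this syntax and that N is interpreted as days.
# Output travels in cleartext over TCP, so keep the collector on a trusted
# management network.

LOGSTASH_HOST=logstash
LOGSTASH_PORT=28778
# nc -w: connect/idle timeout so a down or unresponsive collector cannot
# hang this (typically cron-driven) run forever.
NC_TIMEOUT=10

# run_and_ship ARGS... — run one curator action, send whatever it printed to
# logstash, and return curator's own exit status. The original pipeline
# reported nc's status instead, so a failing curator action went unnoticed.
run_and_ship() {
    output=$(/usr/local/bin/curator "$@" 2>&1)
    status=$?
    # $(...) strips the trailing newline; printf restores exactly one.
    if [ -n "$output" ]; then
        printf '%s\n' "$output" | /bin/nc -w "$NC_TIMEOUT" "$LOGSTASH_HOST" "$LOGSTASH_PORT"
    fi
    return "$status"
}

# Same action sequence as before; every action runs even if an earlier one
# failed, and the script's exit status reflects any failure.
failed=0
run_and_ship delete --older-than 90 || failed=1
run_and_ship close --older-than 30 || failed=1
run_and_ship bloom --older-than 2 || failed=1
run_and_ship optimize --older-than 2 || failed=1
exit "$failed"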
View gist:4b33e2e17fc85df8bffe
{
"title": "CollectD",
"services": {
"query": {
"list": {
"0": {
"query": "*",
"alias": "",
"color": "#7EB26D",
"id": 0,