Neil Craig neilstuartcraig
neilstuartcraig
/ splunk-iis-app-pool-recycle
Last active
December 14, 2020 16:16
Simple Splunk search to list IIS application pool recycles by application pool name, reason for recycle, host and time.
Updated to give more comprehensive app pool recycle Eventcode coverage (ref: http://technet.microsoft.com/en-us/library/cc735206(v=ws.10).aspx)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SourceName="Microsoft-Windows-WAS" host="*" | | |
| search recycle | | |
| rex field=Message "application pool '(?<appPool>\S*)'" | | |
| eval host=upper(host) | | |
| eval reason=case(EventCode=5074, "Worker process reached processing time limit", EventCode=5075, "Worker process reached processing request limit", EventCode=5076, "Scheduled recycle", EventCode=5077, "Worker process reached processing virtual memory limit", EventCode=5078, "ISAPI reported a problem so app pool was recycled", EventCode=5079, "Manual recycle", EventCode=5080, "Config changes forced recycle", EventCode=5080, "Config changes forced recycle due to invalidated meta data", EventCode=5117, "Worker process reached processing private vytes (RAM) limit", EventCode=5186, "Worker process was shut down due to inactivity") | | |
| table _time host EventCode appPool reason Message |
neilstuartcraig
/ gist:6965605
Last active
May 25, 2021 10:14
A system V init script for a node JS app (ghost in this case) which uses forever. This script was adapted from a blog post entry by arrow http://ghost.org/forum/installation/295-need-init-script Make sure you amend paths, usernames, descriptions etc. to your app. Also ensure you have installed forever (global installation is simplest via npm ins…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # An example init script for running a Node.js process as a service | |
| # using Forever as the process monitor. For more configuration options | |
| # associated with Forever, see: https://github.com/nodejitsu/forever | |
| # | |
| # You will need to set the environment variables noted below to conform to | |
| # your use case, and change the init info comment block. | |
| # | |
| # This was written for Debian distributions such as Ubuntu, but should still |
neilstuartcraig
/ ghost-ses-smtp-config
Created
October 17, 2013 14:08
An extract of config.js for ghost (http://ghost.org) blog app (nodejs) to allow sending email via SES (over SSL).
Note that this will fail if your website is not return-connectable by SES on your defined ghost URL i.e. your blog must be publicily available, not just runnnig on e.g. a private VM. If you're running under HTTPS then your SSL cert m…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mail: { | |
| transport: 'SMTP', | |
| host: 'ssl://email-smtp.us-east-1.amazonaws.com', | |
| options: { | |
| port: 465, | |
| service: 'SES', | |
| auth: { | |
| user: 'YOUR-SES-ACCESS-KEY-ID', | |
| pass: 'YOUR-SES-SECRET-ACCESS-KEY' | |
| } |
neilstuartcraig
/ splunk-search-server-logging-excessive-data
Created
October 18, 2013 08:00
A splunk search which you can schedule and alert on (e.g. if number of events > 0) to let you know if any of your servers are generating large volumes of log data.
We use this at work in a suite of alerts which help us identify problems or potential security violations quickly and easily.
To this end, you'll probably want to add to this search t…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| index="_internal" source="*metrics.log" per_host_thruput | chart sum(kb) by series | rename sum(kb) to KBLogged | eval MBLogged=round(KBLogged/1024,1) | fields series MBLogged | search MBLogged>3 | sort -MBLogged |
neilstuartcraig
/ newrelic monit conf file
Created
November 18, 2013 20:41
A really, really basic monit (http://mmonit.com/) config script for newrelic sysmond process.
This is written for Debian 7 but probably will work on other *nix's
You simply need to place a file containing the below (suggest filename newrelic.conf) in your monit conf file include dir (/etc/monit/conf.d on Debian 7)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| check process newrelic with pidfile /var/run/nrsysmond.pid | |
| start program "/etc/init.d/newrelic-sysmond start" | |
| start program "/etc/init.d/newrelic-sysmond stop" | |
| if 10 restarts within 10 cycles then timeout |
neilstuartcraig
/ Secure SSL certificate configuration for Nginx (Grade A on GlobalSign SSL certificate checker)
Last active
December 30, 2015 11:29
A secure SSL certificate configuration for Nginx (Dec 2013) which mitigates most known vulnerabilities whilst providing good browser coverage and a grade A rating on the GlobalSign SSL cert checker (https://sslcheck.globalsign.com/en_GB)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ssl on; | |
| ssl_certificate /path/to/certs/thedotproduct.org.pem; | |
| ssl_certificate_key /path/to/certs/thedotproduct.org.key.unsigned; | |
| # References used along with my own work: | |
| # https://raymii.org/s/tutorials/Pass_the_SSL_Labs_Test_on_NGINX_(Mitigate_the_CRIME_and_BEAST_attack_-_Disable_SSLv2_-_Enable_PFS).html | |
| # https://coderwall.com/p/ebl2qa | |
| # http://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ | |
| # http://code-bear.com/bearlog/2013/06/26/nginx-ssl-config-for-forward-secrecy/ | |
| # https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule_-_Only_Support_Strong_Cryptographic_Ciphers |
neilstuartcraig
/ Nginx http to https redirect
Created
April 4, 2014 11:37
Nginx http to https redirect (maintaining hostname, path and query string - using an HTTP 301)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| # Listen on port 80 for any IPv4 address on this server | |
| # listen docs: http://wiki.nginx.org/HttpCoreModule#listen | |
| listen 80; | |
| # Listen on only the selected hostname... | |
| server_name <HOSTNAME>; | |
| # ...or use the catchall character if you want to handle multiple hostnames | |
| # server_name _; |
neilstuartcraig
/ splunk-list-hosts-logged-last-24h
Last active
December 18, 2019 16:20
List all hosts (servers, network appliances etc. including those whose hostname is just an IP address) which have at least 1 event logged into Splunk in the last 24 hours.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| index=* earliest_time=-24h host=* | eval h=lower(host) | stats values(h) |
neilstuartcraig
/ splunk-count-hosts-24h
Created
May 21, 2014 08:06
Outputs a count of the number of hosts (servers, network appliances etc. including those whose hostname is just an IP address) which have at least 1 event logged into Splunk in the last 24 hours.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| index=* earliest_time=-24h host=* | eval h=lower(host) | stats distinct_count(h) |
neilstuartcraig
/ nsc-sublimetext-3-user-key-bindings
Created
May 22, 2014 10:05
My preferred Sublimetext (3) user key bindings/shortcuts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { "keys": ["super+u"], "command": "upper_case" }, | |
| { "keys": ["super+l"], "command": "lower_case" }, | |
| { "keys": ["ctrl+k"], "command": "run_macro_file", "args": {"file": "res://Packages/Default/Delete Line.sublime-macro"} }, | |
| { "keys": ["super+k"], "command": "run_macro_file", "args": {"file": "res://Packages/Default/Delete Line.sublime-macro"} }, | |
| { "keys": ["super+shift+down"], "command": "duplicate_line" }, | |
| { "keys": ["super+alt+c"], "command": "git_commit_all" }, | |
| { "keys": ["super+alt+p"], "command": "git_push_origin_master" }, | |
| { "keys": ["tab"], "command": "indent"}, |
OlderNewer