Skip to content

Instantly share code, notes, and snippets.

Brad Lhotsky reyjrar

Block or report user

Report or block reyjrar

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@reyjrar
reyjrar / .es-utils.yaml
Last active May 19, 2019
More advanced es-utils configuration for multiple index coverage
View .es-utils.yaml
---
host: localhost
port: 9200
base: syslog
days: 1
meta:
access:
timestamp: timestamp
ossec:
timestamp: ts
@reyjrar
reyjrar / es-utils.yaml
Last active May 19, 2019
Simple es-utils config
View es-utils.yaml
---
host: localhost
port: 9200
base: syslog
days: 1
timestamp: '@timestamp'
@reyjrar
reyjrar / errors.log
Last active Nov 20, 2016
Sample Queries with es-search.pl
View errors.log
brad@janus $ es-search.pl --top program error
= Querying Indexes: syslog-2016.11.20
count program
487 sshd
33 postfix/smtpd
24 postfix/smtps/smtpd
1 freshclam
# Search Parameters:
# {"bool":{"must":[{"query_string":{"query":"error"}}]}}
# Displaying 4 of 545 in 0 seconds.
@reyjrar
reyjrar / logstash-config-broken.conf - Starting Point
Last active Aug 4, 2016
Massive Parse Tree Failure in Logstash 5.0.0-alpha3
View logstash-config-broken.conf - Starting Point
input {
udp {
host => "127.0.0.1"
port => 9514
type => "syslog"
}
}
filter {
# This grok FAILS with a PARSE ERROR
grok {
@reyjrar
reyjrar / unbound.pp
Created May 7, 2016
Puppet class to install unbound and use yoyo.org for blocking ad servers.
View unbound.pp
# puppet module install zleslie-unbound
class dns::caching {
# I'm using extlookup for a very small personal network, could be hiera
$trusted_ipv4 = extlookup('trusted_ipv4')
$trusted_ipv6 = extlookup('trusted_ipv6')
realize(Group['unbound'])
realize(User['unbound'])
$local_ad_servers = "/etc/unbound/local.d/adservers.conf"
View keybase.md

Keybase proof

I hereby claim:

  • I am reyjrar on github.
  • I am reyjrar (https://keybase.io/reyjrar) on keybase.
  • I have a public key ASBhL2F7FpCetTBbHeSajnZusy0pe2QJNTX69go64Lwm_wo

To claim this, I am signing this object:

@reyjrar
reyjrar / es-utils-4.4-release-notes
Created Feb 27, 2016
es-utils-4.4-release-notes
View es-utils-4.4-release-notes
==================================================
Changes from 2014-02-27 00:00:00 +0000 to present.
==================================================
----------------------------------------
version 4.4 at 2016-02-27 07:15:06 +0000
----------------------------------------
Change: 4a832f92659ebc575d2de0948dbb01b8e349138b
Author: Brad Lhotsky <blhotsky@craigslist.org>
@reyjrar
reyjrar / emailnotifications.pl
Last active Nov 19, 2015
Email notifications for privmsgs, mentions, and hilights.
View emailnotifications.pl
#!/usr/bin/env perl
use strict;
use warnings;
use Irssi;
use Irssi::Irc;
use MIME::Lite;
use Sys::Hostname;
@reyjrar
reyjrar / del-aggregated.sql
Created May 30, 2015
Deletion with Aggregated Data
View del-aggregated.sql
WITH dups AS(
select response_id, answer_id, section
from meta_answer
group by response_id, answer_id, section
having count(1) > 1
)
DELETE FROM meta_answer ma
WHERE EXISTS (
SELECT 1
FROM dups
View gist:54c69ed1c7817368fa46
#!/usr/bin/env perl
#
use strict;
use warnings;
use Benchmark qw(cmpthese timethese);
my @tests = (
q{testing 12345 some more stuff},
q{123 testing some stuff},
You can’t perform that action at this time.