Skip to content

Instantly share code, notes, and snippets.

Brad Lhotsky reyjrar

Block or report user

Report or block reyjrar

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
reyjrar /
Created Aug 4, 2011
Generate Snort Signature from a HTTP Request
#!/usr/bin/env perl
use strict;
use warnings;
use HTTP::Status;
use URI;
use Snort::Rule;
reyjrar /
Created Sep 29, 2011
MooseX::POE Testing
package base;
use MooseX::POE;
with qw( MooseX::POE::Aliased );
event process => sub {
my ($self,$thing) = @_[OBJECT,ARG0];
print "base::process called with $thing\n";
reyjrar /
Created Oct 5, 2011
MooseX::POE Simple STDOUT Plugin
package dns::monitor::plugin::sniffer::log::dest::stdout;
use Moose;
extends 'dns::monitor::plugin::sniffer::log';
sub write {
my ($self,$line) = @_;
print $line,"\n";
if [ "$rc" -eq "0" ]; then
reyjrar / local-cpan-mirror.txt
Created Nov 17, 2011
Local CPAN Mirror Setup, Simply
View local-cpan-mirror.txt
# Part 1 is Setting up the Mirror Server
# Install CPAN::Mini
$ curl -L | perl - --sudo CPAN::Mini
# Select a CPAN Mirror URL from
# - We'll use
# Pick a directory to mirror to, I'll use /var/www/cpan
reyjrar /
Created Nov 19, 2011
log the number of distinct hosts communicating with syslog in the past 60 minutes
# Assumes /var/log/remote/%HOSTNAME/ configuration for central logger
# collect data
time=`date +%s`;
distinct=`find /var/log/remote -mmin -60 | cut -d/ -f5| sort -u |wc -l`
# send it!
echo "syslog.distinct_hosts $distinct $time" | nc graphite 2003
reyjrar /
Created Nov 19, 2011
Manage /var/log/remote/ syslog storage, compressing and pruning older files.
# Script to manage syslog storage capacity
# Remove anything older than 1 year
find /var/log/remote/ -mindepth 2 -mtime +365 -type f -exec rm '{}' \;
# Remove empty directories
find /var/log/remote/ -type d -empty -exec rmdir '{}' \;
reyjrar / New-iTerm-Window.scpt
Created Feb 8, 2012
AppleScript to Open a New iTerm Window and bring it to the front
View New-iTerm-Window.scpt
* New-iTerm-Window.scpt
* Intended for use with QuickSilver
* I mapped option-y to running this script to create
* a new iTerm window on the current workspace
* Based on much Googling - very little "original" code here
* Comments/Suggestions to
reyjrar / logstash.conf
Created Jul 5, 2012
LogStash Configuration
View logstash.conf
input {
tcp {
type => "syslog"
port => 8514
filter {
reyjrar / accumulate.c
Created Aug 28, 2012
incomplete C code I'm workign on for adding accumulation of attributes to OSSEC-HIDS
View accumulate.c
int Accumulate(Eventinfo *lf)
// Declare our variables
bool do_update = false;
char _key[OS_ACM_MAXKEY];
char _data[OS_ACM_MAXDATA];
char hashed_line[OS_ACM_MAXDATA];
char hash_buffer[OS_ACM_MAXELM];
You can’t perform that action at this time.