@reyjrar
reyjrar / accumulate.c
Created August 28, 2012 15:41
incomplete C code I'm working on for adding accumulation of attributes to OSSEC-HIDS
int Accumulate(Eventinfo *lf)
{
// Declare our variables
bool do_update = false;
char _key[OS_ACM_MAXKEY];
char _data[OS_ACM_MAXDATA];
char hashed_line[OS_ACM_MAXDATA];
char hash_buffer[OS_ACM_MAXELM];
@reyjrar
reyjrar / mercurial-to-git.sh
Created September 10, 2012 13:09
How I work with mercurial!
#!/bin/sh
BASEDIR=$HOME/code/project
UPSTREAM="$BASEDIR/upstream"
WORKING="$BASEDIR/working"
RSYNC_OPTS=""
# Portable test (the shebang is /bin/sh, where (( )) arithmetic is not available)
[ -n "$DEBUG" ] && RSYNC_OPTS="--dry-run -v"
cd "$UPSTREAM" || exit 1
@reyjrar
reyjrar / rsyslog.conf
Created September 17, 2012 14:00
Rsyslog Client Configuration for ondisk caching to central server
# Rsyslog Defaults
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$WorkDirectory /var/run/rsyslog # Default Location for Work Files
# Modules
$ModLoad immark
$ModLoad imklog
$ModLoad imuxsock
# Local Logging
@reyjrar
reyjrar / client_by_network.sql
Created October 14, 2012 10:20
Grouping IPs by /24s in PgSQL
select
CAST(regexp_replace( CAST( ip | inet '0.0.0.255' as TEXT), '255/32$', '0') || '/24' as inet) as network,
regexp_replace( CAST( ip | inet '0.0.0.255' as TEXT), '255/32$', '0') as network_addr,
count(1) as clients,
to_char(min(first_ts), 'YYYY-MM-DD HH24:MI') as first_ts,
to_char(max(last_ts), 'YYYY-MM-DD HH24:MI') as last_ts,
bool_or(is_local) as is_local
from client
group by ip | inet '0.0.0.255'
@reyjrar
reyjrar / dnswindowing.sql
Created November 4, 2012 20:10
PostgreSQL Windowing Functions
select
srv.id,
srv.ip,
r.opcode,
r.status,
count(1) as queries,
sum(count(1)) OVER (PARTITION BY r.server_id) as total
from packet_response r
inner join server srv on r.server_id = srv.id
@reyjrar
reyjrar / emailnotifications.pl
Last active November 19, 2015 20:25
Email notifications for privmsgs, mentions, and hilights.
#!/usr/bin/env perl
use strict;
use warnings;
use Irssi;
use Irssi::Irc;
use MIME::Lite;
use Sys::Hostname;
@reyjrar
reyjrar / os_shell_escape.c
Created May 28, 2013 15:54
Implement shell escaping, relies on caller to clean up the memory for the escaped string.
/* Escape a set of characters */
char *os_shell_escape(const char *src) {
// Maximum Length of the String is 2xthe current length
char shell_escapes[] = { '\\', '"', '\'', ' ', '\t', ';', '`', '>', '<', '|', '#',
'*', '[', ']', '{', '}', '&', '$', '!', ':', '(', ')' };
char *escaped_string;
int length = 0;
int i = 0;
commit 47f1803471ec4c8f9c69c42680019bc002ef304b
Author: Brad Lhotsky <brad.lhotsky@booking.com>
Date: Tue May 28 17:59:21 2013 +0200
Active response was not passing the filename in file events, i.e.,
syscheck. The Eventinfo struct only included file data for builds with
Prelude integration. This prevented the AR from handing filename off
anyways.
* Eventinfo now contains file data always
* Added *expect* option for 'filename'
@reyjrar
reyjrar / named-axfr.xml
Created June 26, 2013 15:38
OSSEC Decoder for Named Zone Transfers
<!-- AXFR Logs
06-Mar-2013 09:16:37.228 xfer-out: client 10.1.1.5#37937: view internal: transfer of 'example.com/IN': IXFR started
06-Mar-2013 09:16:37.228 xfer-out: client 10.1.1.5#37937: view internal: transfer of 'example.com/IN': IXFR ended
06-Mar-2013 09:18:26.971 xfer-out: client 10.1.6.3#35733: view internal: transfer of 'test.example.com/IN': AXFR-style IXFR started
06-Mar-2013 09:18:26.974 xfer-out: client 10.1.6.3#35733: view internal: transfer of 'test.example.com/IN': AXFR-style IXFR ended
-->
<decoder name="bind-axfr-start">
@reyjrar
reyjrar / crontab.xml
Created June 26, 2013 15:46
OSSEC Decoder for crontab manipulation.
<!-- Decoder to enable extracting data from the crontab command
Aug 30 17:13:02 server.example.com crontab[1347]: (root) LIST (root)
Aug 30 17:13:38 server.example.com crontab[2852]: (root) BEGIN EDIT (root)
Aug 30 17:13:41 server.example.com crontab[2852]: (root) REPLACE (root)
Aug 30 17:13:41 server.example.com crontab[2852]: (root) END EDIT (root)
Aug 30 17:14:01 server.example.com crond[1756]: (root) RELOAD (/var/spool/cron/root)
Aug 30 17:14:01 server.example.com CROND[4018]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Aug 30 17:14:06 server.example.com crontab[4030]: (root) LIST (root)
Aug 30 17:15:01 server.example.com CROND[5818]: (root) CMD (/usr/lib64/sa/sa1 1 1)