Brad Lhotsky reyjrar
@reyjrar
reyjrar / es-utils.yaml
Last active May 19, 2019
Simple es-utils config
---
host: localhost
port: 9200
base: syslog
days: 1
timestamp: '@timestamp'
reyjrar / .es-utils.yaml
Last active May 19, 2019
More advanced es-utils configuration for multiple index coverage
---
host: localhost
port: 9200
base: syslog
days: 1
meta:
  access:
    timestamp: timestamp
  ossec:
    timestamp: ts
reyjrar / elasticsearch.yml
Last active Apr 22, 2019
ElasticSearch config for a write-heavy cluster
##################################################################
# /etc/elasticsearch/elasticsearch.yml
#
# Base configuration for a write-heavy cluster
#
# Cluster / Node Basics
cluster.name: logng
# Nodes can have arbitrary attributes we can use for routing
reyjrar / New-iTerm-Window.scpt
Created Feb 8, 2012
AppleScript to Open a New iTerm Window and bring it to the front
(*
* New-iTerm-Window.scpt
*
* Intended for use with QuickSilver
* I mapped option-y to running this script to create
* a new iTerm window on the current workspace
*
* Based on much Googling - very little "original" code here
* Comments/Suggestions to brad.lhotsky@gmail.com
*)
reyjrar / logstash-template.json
Last active Jul 4, 2018
Template for logstash indexes
{
  "template": "logstash-*",
  "settings" : {
    "index.number_of_shards" : 3,
    "index.number_of_replicas" : 1,
    "index.query.default_field" : "@message",
    "index.routing.allocation.total_shards_per_node" : 2,
    "index.auto_expand_replicas": false
  },
  "mappings": {
reyjrar / local-cpan-mirror.txt
Created Nov 17, 2011
Local CPAN Mirror Setup, Simply
#=======================================
# Part 1 is Setting up the Mirror Server
# Install CPAN::Mini
$ curl -L http://cpanmin.us | perl - --sudo CPAN::Mini
# Select a CPAN Mirror URL from http://mirrors.cpan.org/
# - We'll use http://cpan.pair.com
# Pick a directory to mirror to, I'll use /var/www/cpan
reyjrar / ossec-accumulator-2.7.0.patch
Created Nov 26, 2012
OSSEC Accumulator Patch against 2.7.0
diff --git a/etc/decoder.xml b/etc/decoder.xml
index a7846ad..1087918 100755
--- a/etc/decoder.xml
+++ b/etc/decoder.xml
@@ -1841,6 +1841,7 @@
</decoder>
<!-- decoder for active responses as logged by an OSSEC agent or server
+
- Examples
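Review bot: the index line shows etc/decoder.xml at mode 100755; a decoder definition is data rather than a script, so the executable bit should be dropped to 100644 (the mode is not changed by this hunk, so that is a separate chmod in the same change). Only the blank line added inside the active-response decoder comment is visible before the preview is cut off, so the substantive accumulator change in decoder.xml cannot be reviewed from this excerpt.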
reyjrar / logstash.conf
Created Jul 5, 2012
LogStash Configuration
input {
  tcp {
    type => "syslog"
    port => 8514
  }
}
filter {
  ## DISCARD IMPROPERLY FORMATTED MESSAGES
reyjrar / errors.log
Last active Nov 20, 2016
Sample Queries with es-search.pl
brad@janus $ es-search.pl --top program error
= Querying Indexes: syslog-2016.11.20
count program
487 sshd
33 postfix/smtpd
24 postfix/smtps/smtpd
1 freshclam
# Search Parameters:
# {"bool":{"must":[{"query_string":{"query":"error"}}]}}
# Displaying 4 of 545 in 0 seconds.
reyjrar / logstash-config-broken.conf - Starting Point
Last active Aug 4, 2016
Massive Parse Tree Failure in Logstash 5.0.0-alpha3
input {
  udp {
    host => "127.0.0.1"
    port => 9514
    type => "syslog"
  }
}
filter {
  # This grok FAILS with a PARSE ERROR
  grok {