Steve Elliott tegud

## docker-compose-logstash-1.4.2.yml
logstash:
  image: pblittle/docker-logstash
  volumes:
   - ./logstash-config:/opt/logstash/conf.d/
   - /var/log/logstash:/var/log/logstash
   - ./geoip:/opt/logstash/vendor/geoip/
   - ./ssl:/opt/ssl/

## Index.js
var fs = require('fs');
var crypto = require('crypto');

function randomValueBase64 (len) {
    return crypto.randomBytes(Math.ceil(len * 3 / 4))
        .toString('base64')   // convert to base64 format
        .slice(0, len)        // return required number of characters
        .replace(/\+/g, '0')  // replace '+' with '0'
        .replace(/\//g, '0'); // replace '/' with '0'
}

## gist:04337f1eb7345c3dfd7f
[
	{
		"username": "selliott",
		"firstName": "Steve",
		"lastName": "Elliott",
		"email": "not.a.real@address.com",
		"password": "fgtdfgjgertu",
		"javaClass": "com.untangle.uvm.LocalDirectoryUser",
		"expirationTime": 0
	}

## gist:8c609166dc19f7d3c524
[
	{
		"username": "selliott",
		"firstName": "Steve",
		"lastName": "Elliott",
		"email": "not.a.real@address.com",
		"password": "fgtdfgjgertu"
	}
]

## index.js
var fs = require('fs');
var crypto = require('crypto');

function randomValueBase64 (len) {
    return crypto.randomBytes(Math.ceil(len * 3 / 4))
        .toString('base64')   // convert to base64 format
        .slice(0, len)        // return required number of characters
        .replace(/\+/g, '0')  // replace '+' with '0'
        .replace(/\//g, '0'); // replace '/' with '0'
}

## translate-example.rb
filter {
    translate {
        regex => true
        field => "url_page"
        destination => "url_page_type"
        fallback => "unknown"
        dictionary => [
          "\/((k[0-9]+_[a-zA-Z0-9\-\%'()]*)|(r[0-9]+_hotel[a-zA-Z0-9\-\%'()]*)|((H|h)otels(-p[0-9]+)?)|(AjaxSearch|Mobile(Ajax|Search)))\.aspx$", "search"
      ]
    }

## grok-url-2.rb
filter {
grok {
        match => [ "url_path", "^(?:\/(?<url_language>en|de|es|it|fr))?(?:\/p(?<url_partner>[0-9]+))?(?:\/pv(?<url_partner_value>[0-9a-zA-Z]+))?(?<url_page>.*)$" ]
    }
}

## conditional-categorise.rb
if [url_path] =~ /^\/status$/ {
    mutate { add_tag => "health-check" }
} else if [url_path] =~ /^\/beacon\// {
    mutate { add_tag => "beacon" }
} else {
    mutate { add_tag => "content" }
}

## Dockerfile
FROM logstash:1.5.3
RUN /opt/logstash/bin/plugin install logstash-filter-translate
RUN /opt/logstash/bin/plugin install logstash-filter-json_encode

## build docker.cmd
full_image_id = "#{registry_or_docker_hub_user}/#{name}:#{tag}"
// Example: docker-registry.laterooms.com:5000/tlrg-logstash-central:7e88f94a87d90312ad315d15ab4f34a90b1daf97

sudo docker build -t #{full_image_id} .
	logstash:
	image: pblittle/docker-logstash
	volumes:
	- ./logstash-config:/opt/logstash/conf.d/
	- /var/log/logstash:/var/log/logstash
	- ./geoip:/opt/logstash/vendor/geoip/
	- ./ssl:/opt/ssl/
	var fs = require('fs');
	var crypto = require('crypto');

	function randomValueBase64 (len) {
	return crypto.randomBytes(Math.ceil(len * 3 / 4))
	.toString('base64') // convert to base64 format
	.slice(0, len) // return required number of characters
	.replace(/\+/g, '0') // replace '+' with '0'
	.replace(/\//g, '0'); // replace '/' with '0'
	}
	[
	{
	"username": "selliott",
	"firstName": "Steve",
	"lastName": "Elliott",
	"email": "not.a.real@address.com",
	"password": "fgtdfgjgertu",
	"javaClass": "com.untangle.uvm.LocalDirectoryUser",
	"expirationTime": 0
	}
	filter {
	translate {
	regex => true
	field => "url_page"
	destination => "url_page_type"
	fallback => "unknown"
	dictionary => [
	"\/((k[0-9]+_[a-zA-Z0-9\-\%'()])\|(r[0-9]+_hotel[a-zA-Z0-9\-\%'()])\|((H\|h)otels(-p[0-9]+)?)\|(AjaxSearch\|Mobile(Ajax\|Search)))\.aspx$", "search"
	]
	}
	filter {
	grok {
	match => [ "url_path", "^(?:\/(?<url_language>en\|de\|es\|it\|fr))?(?:\/p(?<url_partner>[0-9]+))?(?:\/pv(?<url_partner_value>[0-9a-zA-Z]+))?(?<url_page>.*)$" ]
	}
	}
	if [url_path] =~ /^\/status$/ {
	mutate { add_tag => "health-check" }
	} else if [url_path] =~ /^\/beacon\// {
	mutate { add_tag => "beacon" }
	} else {
	mutate { add_tag => "content" }
	}
	FROM logstash:1.5.3
	RUN /opt/logstash/bin/plugin install logstash-filter-translate
	RUN /opt/logstash/bin/plugin install logstash-filter-json_encode
	full_image_id = "#{registry_or_docker_hub_user}/#{name}:#{tag}"
	// Example: docker-registry.laterooms.com:5000/tlrg-logstash-central:7e88f94a87d90312ad315d15ab4f34a90b1daf97

	sudo docker build -t #{full_image_id} .