An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Information:
Logon Type: 3
I’m sending logs from Fortinet FortiAnalyzer to Graylog in CEF formatting.
I’m having issues with forwarded logs from a certain type of device.
The first issue is that the field values have " .ad" added to the end of them.
The second issue is the timestamp is coming in as UTC but being seen as EDT/EST so logs are ahead 4 hours.
I set up a raw TCP input to send the CEF TCP messages to; they look like this:
Sep 12 17:20:15 ems CEF:0|Fortinet|FortiClient-EMS|1.2|0| traffic|5|start=Sep 12 2019 17:20:15 ad.logver=N/A cat=traffic deviceSeverity=notice externalID=N/A dhost=N/A ad.pcdomain=subdomain.company.com ad.uid=N/A deviceExternalId=FCT8104243435915 ad.fgtserial=N/A ad.emsserial=FCTEMS0000000824 ad.regip=N/A shost=chrome.exe ad.srcproduct=Chrome src=10.10.100.101 spt=N/A ad.direction=outbound dst=N/A ad.remotename=yahoo.com dpt=443 duser=remployee@subdomain.company.com proto=6 in=N/A out=N/A ad.utmaction=userbrowsed ad.utmevent=webfilter ad.threat=Search ad.vd=root ad.fctver=1.0.1.0020 ad.os=cros ad.usingpol
The dot1qPvid table is not indexed by ifIndex. To get the ifIndex you have to look at the mapping of ifIndex to dot1dBasePortIfIndex. RFC 4188 (BRIDGE-MIB) defines the
dot1dBasePortIfIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of the instance of the ifIndex object,
        defined in IF-MIB, for the interface corresponding
        to this port."
<?php
/**
 * cumulus.inc.php
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
server {
    listen 80;
    listen [::]:80;
    server_name librenms.company.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
server {
    listen 80;
    listen [::]:80;
    server_name oxidized.company.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
<?php
/**
 * tegile.inc.php
 *
 * LibreNMS storage discovery module for Tegile Storage
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
os: tegile
text: 'Tegile IntelliFlash'
type: storage
icon: tegile
over:
    - { graph: device_bits, text: 'Device Traffic' }
    - { graph: device_storage, text: 'Storage Usage' }
mib_dir:
    - tegile
<?php
/**
 * nimbleos.inc.php
 *
 * LibreNMS storage discovery module for Nimble Storage
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.