theherodied
theherodied
/ graylog winlogbeat event id 4624
Last active
November 20, 2023 15:36
Graylog windows event log boilerplate removal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| An account was successfully logged on. | |
| Subject: | |
| Security ID: S-1-0-0 | |
| Account Name: - | |
| Account Domain: - | |
| Logon ID: 0x0 | |
| Logon Information: | |
| Logon Type: 3 |
theherodied
/ Graylog pipeline rules remove characters from end of string and convert timestamp
Last active
September 19, 2019 15:28
Graylog pipeline rules remove characters from end of string and convert timestamp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I’m sending logs from Fortinet FortiAnalyzer to Graylog in CEF formatting. | |
| I’m having issues with forwarded logs from a certain type of device. | |
| The first issue is that the field values have " .ad" added to the end of them. | |
| The second issue is the timestamp is coming in as UTC but being seen as EDT/EST so logs are ahead 4 hours. | |
| I setup a raw TCP input to send the CEF TCP messages to, they look like this: | |
| Sep 12 17:20:15 ems CEF:0|Fortinet|FortiClient-EMS|1.2|0| traffic|5|start=Sep 12 2019 17:20:15 ad.logver=N/A cat=traffic deviceSeverity=notice externalID=N/A dhost=N/A ad.pcdomain=subdomain.company.com ad.uid=N/A deviceExternalId=FCT8104243435915 ad.fgtserial=N/A ad.emsserial=FCTEMS0000000824 ad.regip=N/A shost=chrome.exe ad.srcproduct=Chrome src=10.10.100.101 spt=N/A ad.direction=outbound dst=N/A ad.remotename=yahoo.com dpt=443 duser=remployee@subdomain.company.com proto=6 in=N/A out=N/A ad.utmaction=userbrowsed ad.utmevent=webfilter ad.threat=Search ad.vd=root ad.fctver=1.0.1.0020 ad.os=cros ad.usingpol |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .1.2.840.10006.300.43.1.1.1.1.1.55 = INTEGER: 55 | |
| .1.2.840.10006.300.43.1.1.1.1.2.55 = Hex-STRING: 8C EA 1B FB 92 B3 | |
| .1.2.840.10006.300.43.1.1.1.1.3.55 = INTEGER: 65535 | |
| .1.2.840.10006.300.43.1.1.1.1.4.55 = Hex-STRING: 8C EA 1B FB 92 B3 | |
| .1.2.840.10006.300.43.1.1.1.1.5.55 = INTEGER: 1 | |
| .1.2.840.10006.300.43.1.1.1.1.6.55 = INTEGER: 0 | |
| .1.2.840.10006.300.43.1.1.1.1.7.55 = INTEGER: 13 | |
| .1.2.840.10006.300.43.1.1.1.1.8.55 = Hex-STRING: 44 38 39 FF 00 01 | |
| .1.2.840.10006.300.43.1.1.1.1.9.55 = INTEGER: 0 | |
| .1.2.840.10006.300.43.1.1.1.1.10.55 = INTEGER: 13 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The dogt1qPvid indexing does not index by ifIndex. To get the ifindex you have to look at the ifindex to dot1xBasePortIfIndex. RFC 4188 (BRIDGE-MIB) defines the | |
| dot1dBasePortIfIndex OBJECT-TYPE | |
| SYNTAX InterfaceIndex | |
| MAX-ACCESS read-only | |
| STATUS current | |
| DESCRIPTION | |
| "The value of the instance of the ifIndex object, | |
| defined in IF-MIB, for the interface corresponding | |
| to this port." |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * cumulus.inc.php | |
| * | |
| * This program is free software: you can redistribute it and/or modify | |
| * it under the terms of the GNU General Public License as published by | |
| * the Free Software Foundation, either version 3 of the License, or | |
| * (at your option) any later version. | |
| * | |
| * This program is distributed in the hope that it will be useful, |
theherodied
/ gist:9cda7b34786ef8e0bbaa45efa07843fa
Last active
April 25, 2018 03:07
Example Nginx Librenms Config /etc/nginx/conf.d/librenms.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name librenms.company.com; | |
| return 301 https://$server_name$request_uri; | |
| } | |
| server { | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; |
theherodied
/ gist:f48c1757be90d57ffc42498a2b561e69
Last active
April 17, 2018 17:37
Example /etc/nginx/conf.d/oxidized.conf file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name oxidized.company.com; | |
| return 301 https://$server_name$request_uri; | |
| } | |
| server { | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * tegile.inc.php | |
| * | |
| * LibreNMS storage discovery module for Tegile Storage | |
| * | |
| * This program is free software: you can redistribute it and/or modify | |
| * it under the terms of the GNU General Public License as published by | |
| * the Free Software Foundation, either version 3 of the License, or | |
| * (at your option) any later version. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| os: tegile | |
| text: 'Tegile IntelliFlash' | |
| type: storage | |
| icon: tegile | |
| over: | |
| - { graph: device_bits, text: 'Device Traffic' } | |
| - { graph: device_storage, text: 'Storage Usage' } | |
| mib_dir: | |
| - tegile |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * nimbleos.inc.php | |
| * | |
| * LibreNMS storage discovery module for Nimble Storage | |
| * | |
| * This program is free software: you can redistribute it and/or modify | |
| * it under the terms of the GNU General Public License as published by | |
| * the Free Software Foundation, either version 3 of the License, or | |
| * (at your option) any later version. |
NewerOlder