
John Li jlisbz

@jlisbz
jlisbz / grok-patterns
Created August 21, 2019 14:36 — forked from mesimeris/grok-patterns
LOGSTASH: syslog listener filtering with grok patterns and applying useful tags
# NOTE: These patterns take into account the additional log-line information passed to the logstash listener from rsyslog. YMMV.
# Note: "[for|on]" / "[from|to]" were character classes (one character from the set), not word alternations; "(?:for|on)" matches the literal keyword.
DHCPD ((%{SYSLOGTIMESTAMP:timestamp})\s*(%{HOSTNAME:hostname})\s*dhcpd\S+\s*(%{WORD:dhcp_action})?.*(?:for|on) (%{IPV4:dhcp_client_ip})?.*(?:from|to) (%{COMMONMAC:dhcp_client_mac})?.*via (%{USERNAME:interface}))
# Note: the stray ".?*" before SPT= was a mistyped ".*"; SPT/DPT stay optional because ICMP entries carry no ports.
IPTABLES ((%{SYSLOGTIMESTAMP:nf_timestamp})\s*(%{HOSTNAME:nf_host})\s*kernel\S+\s*(%{WORD:nf_action})?.*IN=(%{USERNAME:nf_in_interface})?.*OUT=(%{USERNAME:nf_out_interface})?.*MAC=(%{COMMONMAC:nf_dst_mac}):(%{COMMONMAC:nf_src_mac})?.*SRC=(%{IPV4:nf_src_ip}).*DST=(%{IPV4:nf_dst_ip}).*PROTO=(%{WORD:nf_protocol}).*SPT=(%{INT:nf_src_port}?.*DPT=%{INT:nf_dst_port}?.*))
DNS ((%{MONTHDAY:day})-(%{MONTH:month})-(%{YEAR:year}) (%{TIME:timestamp}) client (%{IPV4:dns_client_ip})#(%{NONNEGINT:dns_uuid})?.*query: (%{HOSTNAME:dns_dest}) (%{WORD:dns_type}) (%{WORD:dns_record})?.*(%{IPV4:dns_server}))
PGSQL ((%{SYSLOGTIMESTAMP:pgsql_timestamp}) (%{HOSTNAME:pgsql_hostname})?.*SAST >(%{WORD:pgs
jlisbz / ossec-kibana-dashboard1
Created February 3, 2016 20:07 — forked from marten-cz/ossec-kibana-dashboard1
Kibana dashboard for OSSEC installation
{
"title": "OSSEC MONITORING DASHBOARD",
"services": {
"query": {
"idQueue": [
0,
1
],
"list": {
"10": {
jlisbz / pfsense_kibana_dash_v1.json
Created January 31, 2016 07:22 — forked from elijahpaul/pfsense_kibana_dash_v1.json
pfSense firewall dashboard (Kibana)
{
"title": "PFSense Firewall",
"services": {
"query": {
"idQueue": [],
"list": {
"0": {
"query": "tags: \"PFSense\" AND action: \"pass\"",
"alias": "Passed",
"color": "#6ED0E0",
jlisbz / pfsense2-2.grok
Created January 31, 2016 00:00 — forked from elijahpaul/pfsense2-2.grok
pfsense2-2.grok
# GROK match pattern for logstash.conf filter: %{LOG_DATA}%{IP_SPECIFIC_DATA}%{IP_DATA}%{PROTOCOL_DATA}
# GROK Custom Patterns (add to patterns directory and reference in GROK filter for pfSense events):
# GROK Patterns for pfSense 2.2 Logging Format
#
# Created 27 Jan 2015 by J. Pisano (Handles TCP, UDP, and ICMP log entries)
# Edited 14 Feb 2015 by E. Paul
#
# Usage: Use with following GROK match pattern
jlisbz / kibana_ubuntu.sh
Created January 30, 2016 21:55 — forked from buonzz/kibana_ubuntu.sh
Install Kibana on Ubuntu
wget https://download.elastic.co/kibana/kibana/kibana-4.3.1-linux-x64.tar.gz
gunzip kibana-4.3.1-linux-x64.tar.gz
tar -xvf kibana-4.3.1-linux-x64.tar
mkdir /opt/kibana
cp -Rrvf kibana-4.3.1-linux-x64/* /opt/kibana/
cd /etc/init.d/
wget https://gist.githubusercontent.com/thisismitch/8b15ac909aed214ad04a/raw/bce61d85643c2dcdfbc2728c55a41dab444dca20/kibana4
chmod +x /etc/init.d/kibana4
update-rc.d kibana4 defaults 96 9
/etc/init.d/kibana4 restart
jlisbz / Zero Downtime (part 1 of 3)
Created January 13, 2016 04:39 — forked from abronner/Zero Downtime (part 1 of 3)
Elasticsearch-Toronto Meetup: Zero Downtime (April 21, 2015)
# ----------------------------------------------------------------------------------------------------------------
# Elasticsearch-Toronto Meetup: Zero Downtime (part 1 of 3)
# ----------------------------------------------------------------------------------------------------------------
# My presentation at the second elasticsearch meetup in Toronto
# April 21, 2015
# http://www.meetup.com/ElasticSearch-toronto
# http://www.meetup.com/Elasticsearch-Toronto/events/220384588/
# ----------------------------------------------------------------------------------------------------------------
# Demo with elasticsearch 1.5.1 and Marvel/Sense
# Installation: http://www.elasticsearch.org/guide/en/elasticsearch/guide/current/_installing_elasticsearch.html
/**
* Module dependencies
*/
var express = require('express');
var fs = require('fs');
var mongoose = require('mongoose');
var Schema = mongoose.Schema;
// img path