Symantec WSS in Grok Pattern? - kibana

I'm trying to insert Symantec WSS logs into Kibana. I need a Grok pattern;
does someone have a Grok pattern for this problem?
I'm trying this one, but it's not working:
%{NUMBER:PID}%{SPACE}%{TIMESTAMP_ISO8601:TimeStamp}%{SPACE}"%{DATA:Proxy_HostName}"%{SPACE}%{NUMBER:Proxy_HostName_Port}%{SPACE}%{IP:IPAddress}%{SPACE}%{NOTSPACE:User}%{SPACE}%{NOTSPACE:FILED_1}%{SPACE}%{NOTSPACE:FILED_2}%{SPACE}%{NOTSPACE:FILED_3}%{SPACE}"%{DATA:Category}"%{SPACE}%{DATA:FIELD_4}%{SPACE}%{NUMBER:Response_Code}%{SPACE}%{NOTSPACE:FIELD_5}%{SPACE}%{NOTSPACE:Method}%{SPACE}%{NOTSPACE:Format}%{SPACE}%{NOTSPACE:Protocol}%{SPACE}%{NOTSPACE:DOMAIN_URL}%{SPACE}%{NUMBER:DstPort}%{SPACE}%{NOTSPACE:FIELD_6}%{SPACE}%{NOTSPACE:FIELD_7}%{SPACE}%{NOTSPACE:FIELD_8}%{SPACE}"%{DATA:Agent}"%{SPACE}%{IP:LOCAL_IP}%{SPACE}%{NUMBER:FIELD_10}%{SPACE}%{NUMBER:FIELD_11}%{SPACE}%{NOTSPACE:FIELD_12}%{SPACE}"%{DATA:FIELD_13}"%{SPACE}%{NOTSPACE:FIELD_14}%{SPACE}%{NOTSPACE:FIELD_15}%{SPACE}%{NUMBER:FIELD_16}%{SPACE}"%{DATA:FIELD_17}"%{SPACE}%{NOTSPACE:FIELD_18}%{SPACE}"%{NOTSPACE:FIELD_19}"%{SPACE}"%{NOTSPACE:FIELD_20}"%{SPACE}%{IP:FIELD_21}%{SPACE}"%{DATA:FIELD_22}"%{SPACE}%{NOTSPACE:FIELD_23}%{SPACE}%{NOTSPACE:FIELD_24}%{SPACE}%{NOTSPACE:FIELD_25}%{SPACE}%{NOTSPACE:FIELD_26}%{SPACE}%{NOTSPACE:SSL_TLS_Type}%{SPACE}%{NOTSPACE:Encryptions}%{SPACE}%{NUMBER:Encryption_Byte}%{SPACE}%{NOTSPACE:URL_2}%{SPACE}"%{DATA:Category_2}"

Related

Showing Volume Details using python openstacksdk, python novaclient, python cinderclient

Hello guys and I hope you're having a great day. I have a question about using Openstack API in Python.
I'm using python-novaclient to get server details and flavor details, and I want to get the volume details too, but I don't know how to do it. I've tried to collect volume details, but it failed somehow, and I need to ask you guys if you have any idea.
This information is what I want to get:
volume_id, attached to (w/c volume), name, status and volume_type (CEPH or LVM)
I used python-cinderclient, but I only got the volume_id.
Here's the code:
volumes = cinder.volumes.list()
Can someone help me to get the other data? Other than running Openstack command-line in the server, I just need some Python module to get these data.
Thanks in advance.
I've finally figured it out, and I'm going to answer this for anyone who is interested in Openstack SDK or other Python API for Openstack.
First, for authentication you need to use the Keystone API; the documentation is all over the internet, so no need to worry, you can just check your Openstack for the credentials needed. As for my question, I use the function get_volume from the Connection class. Please see the documentation for this. You can read other documentation as well on the internet.
So, here is the example of how to get volumes details:
import openstack
conn = openstack.connect(cloud='mycloud')  # cloud name as configured in clouds.yaml
vol = conn.get_volume(volume_id)           # volume_id: the id taken from the volume list
print(vol)

How to define https connection in Airflow using environment variables

In Airflow http (and other) connections can be defined as environment variables. However, it is hard to use an https schema for these connections.
Such a connection could be:
export AIRFLOW_CONN_MY_HTTP_CONN=http://example.com
However, defining a secure connection is not possible:
export AIRFLOW_CONN_MY_HTTP_CONN=https://example.com
This is because Airflow strips the scheme (https), and in the final connection object the URL gets http as its scheme.
It turns out that there is a possibility to use https by defining the connection like this:
export AIRFLOW_CONN_MY_HTTP_CONN=https://example.com/https
The second https is called schema in the Airflow code (like in DSNs, e.g. postgresql://user:passw@host/schema). This schema is then used as the scheme in the construction of the final URL in the connection object.
I am wondering if this is by design, or just an unfortunate mixup of scheme and schema.
For those who land on this question in the future, I confirm that @jjmurre's answer works well for 2.1.3.
In this case we need a URI-encoded string.
export AIRFLOW_CONN_SLACK='http://https%3a%2f%2fhooks.slack.com%2fservices%2f...'
See this post for more details.
Hope this can save other fellows an hour which I've spent on investigating.
You should use Connections, and then you can specify the schema.
This is what worked for me using bitnami airflow:
.env
MY_SERVER=my-conn-type://xxx.com:443/https
docker-compose.yml
environment:
- AIRFLOW_CONN_MY_SERVER=${MY_SERVER}
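The scheme/schema behaviour the question and both answers describe, as an added example: a simplified stand-in (not Airflow's own code) for how an AIRFLOW_CONN_* URI is split into conn_type, host, port and "schema", and how HttpHook then assembles base_url from those fields. The hook names and the slack sample path are assumptions; the percent-encoded sample is constructed.

```python
from urllib.parse import urlparse, unquote

# Simplified reimplementation of Airflow's Connection URI parsing:
# URI scheme -> conn_type, path (without the leading "/") -> schema.
def parse_conn_uri(uri):
    parts = urlparse(uri)
    return {
        "conn_type": parts.scheme,
        "host": unquote(parts.hostname or ""),
        "port": parts.port,
        "schema": unquote(parts.path[1:]) if parts.path else "",
    }

# Mirrors HttpHook's base_url logic: a host that already carries "://"
# is used verbatim; otherwise the *schema* field (default "http") becomes
# the URL scheme, which is why "https://example.com" ends up as http.
def http_base_url(conn):
    if "://" in conn["host"]:
        base = conn["host"]
    else:
        base = (conn["schema"] or "http") + "://" + conn["host"]
    if conn["port"]:
        base += ":" + str(conn["port"])
    return base

if __name__ == "__main__":
    for uri in ("https://example.com",
                "https://example.com/https",
                "my-conn-type://xxx.com:443/https",
                # constructed, percent-encoded full URL as host (second answer's trick)
                "http://https%3a%2f%2fhooks.slack.com%2fservices%2fabc"):
        print(uri, "->", http_base_url(parse_conn_uri(uri)))
```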

Asterisk 13.x and fail2ban regex string

After upgrading FreePBX, fail2ban does not work. This is based on Asterisk version 13.19.1.
Asterisk-iptables is set up in fail2ban, but misses the login attempts.
After many attempts at changing items, I was finally able to determine the issue was in the "failregex" located in "/etc/fail2ban/filter.d/asterisk.conf".
I was able to add the string below to the bottom of the list:
(?:NOTICE|SECURITY|WARNING).*(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword).*RemoteAddress=\"IPV4/UDP/<HOST>/.*
Other steps included:
- ensuring fail2ban was running as a service
- adding an entry for "asterisk-iptables" and pointing to the log files
- ensuring the asterisk logger was creating the log files.
I have not posted explanations on these items, as I was able to follow guides readily available on the internet.
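To check that the failregex above actually fires on Asterisk 13 security events, here is an added example (not from the post) that applies it to constructed res_security_log lines the way fail2ban does and counts matches per remote host. The <HOST> expansion is a simplified stand-in for fail2ban's own host regex; addresses are RFC 5737 documentation ranges.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> expansion (it also accepts IPv6 forms).
HOST_RE = r"(?P<host>[\w\-.]+)"
FAILREGEX = (r'(?:NOTICE|SECURITY|WARNING).*'
             r'(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)'
             r'.*RemoteAddress=\"IPV4/UDP/<HOST>/.*')
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST_RE))

# Constructed sample lines in Asterisk's security-log format: three failures
# from one host and one successful authentication that must not match.
SAMPLE_LOG = """\
[2018-03-01 10:00:01] SECURITY[1234] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2018-03-01T10:00:01.000+0000",Severity="Error",Service="SIP",EventVersion="2",AccountID="1001",SessionID="0x7f1a",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/198.51.100.7/5060",Challenge="4c3f",ReceivedChallenge="4c3f",ReceivedHash="deadbeef"
[2018-03-01 10:00:02] SECURITY[1234] res_security_log.c: SecurityEvent="InvalidAccountID",EventTV="2018-03-01T10:00:02.000+0000",Severity="Error",Service="SIP",EventVersion="2",AccountID="admin",SessionID="0x7f1b",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/198.51.100.7/5061"
[2018-03-01 10:00:03] SECURITY[1234] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="2018-03-01T10:00:03.000+0000",Severity="Informational",Service="SIP",EventVersion="2",AccountID="1002",SessionID="0x7f1c",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/203.0.113.5/5060",UsingPassword="1"
[2018-03-01 10:00:04] SECURITY[1234] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2018-03-01T10:00:04.000+0000",Severity="Error",Service="SIP",EventVersion="2",AccountID="1001",SessionID="0x7f1d",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/198.51.100.7/5062",Challenge="4c40",Response="beef",ExpectedResponse="cafe"
"""

def failed_hosts(log_text):
    """Count failregex matches per remote host, as fail2ban's filter would."""
    counts = Counter()
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if m:
            counts[m.group("host")] += 1
    return counts

def hosts_to_ban(log_text, maxretry=3):
    """Hosts that reached the jail's maxretry within the supplied lines."""
    return sorted(h for h, n in failed_hosts(log_text).items() if n >= maxretry)

if __name__ == "__main__":
    print(failed_hosts(SAMPLE_LOG))
    print("would ban:", hosts_to_ban(SAMPLE_LOG))
```

Real jails also apply findtime, so the count above is the per-window tally fail2ban keeps, not a ban decision by itself.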

OpenResty auto_ssl too long lua code block error

I'm using OpenResty with nginx to auto-obtain SSL certs from Let's Encrypt. There's a lua function where you can allow certain domains. In this function, I have a regex to whitelist my domains. After I add a certain amount (not sure the exact amount), I start getting this error:
nginx: [emerg] too long lua code block, probably missing terminating characters in /usr/local/openresty/nginx/conf/nginx.conf:60.
Shrinking down that string makes the error go away.
I'm not familiar with lua, but here's the example code. I have a few hundred domains to add in here.
auto_ssl:set("allow_domain", function(domain)
  return ngx.re.match(domain, "^(domain1.com|domain2.com|domain3.com....)$", "ijo")
end)
Do I need to define this string ahead of time, or maybe specify its length somewhere?
EDIT ok, so I was thinking about this another way. Does anyone see an issue if I were to try this? Any sort of performance issues, or lua related things? Maybe there's a more efficient way of doing this?
auto_ssl:set("allow_domain", function(domain)
  local domains = [[
domain1.com
domain2.com
domain3.com
-- continues up to domain300.com
]]
  -- plain find (4th argument true): the dots in the domain are matched literally,
  -- not as Lua pattern wildcards
  local i = string.find(domains, domain, 1, true)
  return i ~= nil
end)
OpenResty allows for loading more complex lua code through files. https://github.com/openresty/lua-nginx-module#init_by_lua_file That is just one directive. There are multiple ways you can load lua code. This way worked for me.

Trusted Timestamps - understanding the format (rfc3161)

[edit: I've written a blogpost that explains everything in detail: look here]
Hi!
I'm desperately trying to build a service for trusted timestamps based on rfc3161. I've decided to use the free trusted timestamp service at zeitstempel.dfn.de.
My question is how I shall contact this service in order to receive a valid response. Regarding the request format, the RFC says:
TimeStampReq ::= SEQUENCE {
version INTEGER { v1(1) },
messageImprint MessageImprint,
--a hash algorithm OID and the hash value of the data to be
--time-stamped
reqPolicy TSAPolicyId OPTIONAL,
nonce INTEGER OPTIONAL,
certReq BOOLEAN DEFAULT FALSE,
extensions [0] IMPLICIT Extensions OPTIONAL }
where
MessageImprint ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
hashedMessage OCTET STRING }
I've found a client which helped me a bit.
Nevertheless, I still don't know how I should construct the request for the timestamp service.
Regards!
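An added example (not from the post or the client it links) that builds exactly the TimeStampReq shown above as DER bytes with only the standard library: version 1, a SHA-256 MessageImprint, a random nonce and certReq TRUE; reqPolicy and extensions are omitted as they are OPTIONAL. The OID constant is the standard id-sha256 value.

```python
import hashlib
import os

SHA256_OID = "2.16.840.1.101.3.4.2.1"   # id-sha256, the hashAlgorithm in MessageImprint

def der_len(n):
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_integer(value):
    """Non-negative INTEGER; a leading 0x00 keeps the top bit from reading as a sign."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return tlv(0x02, body)

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytes([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:                      # base-128, high bit set on all but the last byte
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return tlv(0x06, body)

def build_timestamp_req(data, nonce=None, cert_req=True):
    """TimeStampReq ::= SEQUENCE { version, messageImprint, nonce, certReq }."""
    digest = hashlib.sha256(data).digest()
    if nonce is None:
        nonce = int.from_bytes(os.urandom(8), "big")     # fresh nonce ties the reply to this request
    alg_id = tlv(0x30, der_oid(SHA256_OID) + b"\x05\x00")  # AlgorithmIdentifier with NULL parameters
    imprint = tlv(0x30, alg_id + tlv(0x04, digest))         # MessageImprint
    body = der_integer(1) + imprint + der_integer(nonce)
    if cert_req:
        body += tlv(0x01, b"\xff")                          # certReq BOOLEAN TRUE
    # Send the bytes as an HTTP POST body with Content-Type application/timestamp-query (RFC 3161 3.4).
    return tlv(0x30, body)

if __name__ == "__main__":
    print(build_timestamp_req(b"hello", nonce=0x1234).hex())
```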
I'm glad that you find our software helpful. But you refer to our old service. Please visit www.ntp.org.pl - you'll find there the latest version of timestamping client and a lot of other useful free software related to time topic.
I'm not sure what you want to do. Maybe if you give a few more details, I'd be able to help you better. Anyway, I'll give you some hints, where to find some precious information.
First of all, you should look at the OpenSSL project:
http://www.openssl.org/docs/apps/ts.html#
There is an example of how to create a TSRequest. The request is stored in a file, so you can read its content. Later, you can send the request to the server using this:
http://www.openssl.org/docs/apps/tsget.html#
Another trick you can do is to install some sniffer (for example Wireshark - www.wireshark.org/ ), start our client from www.ntp.org.pl , send a request, then find the proper packet in Wireshark to see what it contains.
Feel free to ask if you have some additional questions. Please give some more information about your service.