https://hadler.me/linux/openfortigui/
Origin
geoip {
  source => "filebeatserverip"
  target => "filebeatserveripgeoip"
  add_field => [ "[filebeatserveripgeoip][coordinates]", "%{[filebeatserveripgeoip][longitude]}" ]
  add_field => [ "[filebeatserveripgeoip][coordinates]", "%{[filebeatserveripgeoip][latitude]}" ]
}
mutate {
  convert => ["[filebeatserveripgeoip][coordinates]", "float"]
}
Delete these three lines (the geoip filter already fills [filebeatserveripgeoip][location] with a lon/lat pair, which the index template can map as geo_point; the hand-built coordinates array is not needed):
add_field => [ "[filebeatserveripgeoip][coordinates]", "%{[filebeatserveripgeoip][longitude]}" ]
add_field => [ "[filebeatserveripgeoip][coordinates]", "%{[filebeatserveripgeoip][latitude]}" ]
convert => ["[filebeatserveripgeoip][coordinates]", "float"]
Result
geoip {
  source => "filebeatserverip"
  target => "filebeatserveripgeoip"
}
mutate {
}
=====
{ "index_patterns": ["filebeat*", "heartbeat*"], "settings": { "number_of_shards": 1 }, "mappings": { "doc": { "properties": { "filebeatserveripgeoip.
geth log mined
INFO [12-07|13:04:44] 🔨 mined potential block number=1934700 hash=3f9161…88da7d
The geth timestamp carries only month-day and time, no year, so the year is taken from the event's @timestamp in the ruby filter below.
grok {
  match => ["message", "%{LOGLEVEL:logType} \[%{DATA:gethmm}-%{DATA:gethdd}\|%{DATA:gethtime}\] %{GREEDYDATA:tmessage} number=(?\b\w+\b) hash=(?\b\w+...\w+\b)"]
  add_field => ["gethdate", "%{[gethmm]}-%{[gethdd]} %{[gethtime]}"]
}
ruby {
  code => "
    tstamp = event.get('@timestamp').to_i
    event.set('epoch', tstamp)
    event.set('gethdate', Time.at(tstamp).strftime('%Y') + '-' + event.get('gethdate'))
  "
}
date {
  match => [ "gethdate", "YYYY-MM-dd HH:mm:ss" ]
  target => "gethdate"
  timezone => "Asia/Taipei"
}
Recreate index
GET _cat/indices?v
GET _cat/indices?v&s=index
GET filebeat-6.5.1-2018.12.06
DELETE filebeat-6.5.1-2018.12.06
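The same parse that the geth grok/ruby/date filters above perform, written as a stand-alone Python script so it can be tested offline. This is an added example, not code from the page; the sample lines are constructed (the first one is the page's own log line), and the ingest time stands in for @timestamp. It also handles the one case the ruby filter gets wrong: a December line ingested in January would receive the January year, so the script steps the year back whenever the reconstructed timestamp would postdate its own ingestion.

```python
import re
from datetime import datetime

# Constructed sample lines in the format geth prints (the first is the page's own line).
SAMPLE_LINES = [
    "INFO [12-07|13:04:44] 🔨 mined potential block number=1934700 hash=3f9161…88da7d",
    "INFO [01-02|00:15:09] 🔨 mined potential block number=1934801 hash=ab12cd…ef3456",
]

# Same shape as the grok pattern above: level, [MM-DD|HH:MM:SS], free text, number=, hash=.
GETH_MINED_RE = re.compile(
    r"^(?P<level>[A-Z]+) \[(?P<mm>\d{2})-(?P<dd>\d{2})\|(?P<time>\d{2}:\d{2}:\d{2})\] "
    r"(?P<msg>.*?) number=(?P<number>\d+) hash=(?P<hash>\S+)$"
)


def parse_geth_line(line, ingested_at_iso):
    """Parse one geth line. ingested_at_iso plays the role of @timestamp (ISO 8601 with offset).

    Returns a dict with the same field names the Logstash filters produce, or None if the
    line does not match. gethdate is returned as an ISO 8601 string in the ingest offset.
    """
    m = GETH_MINED_RE.match(line)
    if not m:
        return None
    ingested_at = datetime.fromisoformat(ingested_at_iso)
    hh, mi, ss = (int(x) for x in m["time"].split(":"))
    # Start from the ingest year, exactly as the ruby filter does.
    stamp = datetime(ingested_at.year, int(m["mm"]), int(m["dd"]), hh, mi, ss,
                     tzinfo=ingested_at.tzinfo)
    # Rollover: a log line cannot postdate its own ingestion, so a December line that is
    # ingested in January belongs to the previous year. The ruby filter does not do this.
    if stamp > ingested_at:
        try:
            stamp = stamp.replace(year=stamp.year - 1)
        except ValueError:
            pass  # 29 Feb has no counterpart in the previous year; keep the ingest year
    return {
        "logType": m["level"],
        "gethdate": stamp.isoformat(),
        "epoch": int(ingested_at.timestamp()),
        "tmessage": m["msg"],
        "number": int(m["number"]),
        "hash": m["hash"],
    }


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_geth_line(line, "2019-01-02T00:20:00+08:00"))
```

The +08:00 offset used when running the script is Asia/Taipei (no DST), matching the date filter's timezone setting.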
Export
index-pattern
curl http://xxx.xxx.xxx.xxx:5601/api/saved_objects/index-pattern/f1836c20-e880-11e8-8d66-7d7b4c3a5906 > index-pattern-export.json
visualization
curl http://xxx.xxx.xxx.xxx:5601/api/saved_objects/visualization/1eb85311-f901-11e8-864c-bd4880954537 > visual-export.json
Import
index-pattern
curl -v -XPOST "kibana:5601/api/kibana/dashboards/import?force=true" -H "kbn-xsrf:true" -H "Content-type:application/json" -d @/usr/share/config/config/index-pattern-export.json
visualization
curl -v -XPOST "kibana:5601/api/kibana/dashboards/import?force=true" -H "kbn-xsrf:true" -H "Content-type:application/json" -d @/usr/share/config/config/visual-export.json
PS:
The import body can carry several visualizations at once; wrap them in an "objects" array:
{ "objects": [ {"id":"0c298010-f901-11e8-864c-bd4880954537",...}, {"id":"1eb85300-f901-11e8-864c-bd4880954537",...} ]}
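A small script that turns several saved_objects exports (the files the curl GETs above write) into one "objects" bundle for the import endpoint, and checks that every visualization's index-pattern is in the same bundle. This is an added example, not from the page or from Kibana; the two export strings are constructed stand-ins for index-pattern-export.json and visual-export.json, using the page's ids with made-up attribute values, and the assumption that a 6.x visualization names its index-pattern in the "index" key of attributes.kibanaSavedObjectMeta.searchSourceJSON.

```python
import json

# Constructed stand-ins for index-pattern-export.json and visual-export.json. Their shape
# (id, type, updated_at, version, attributes) is what GET /api/saved_objects/<type>/<id>
# returns in Kibana 6.x; the ids are the page's, the attribute values are made up.
INDEX_PATTERN_EXPORT = json.dumps({
    "id": "f1836c20-e880-11e8-8d66-7d7b4c3a5906",
    "type": "index-pattern",
    "updated_at": "2018-12-06T08:00:00.000Z",
    "version": 3,
    "attributes": {"title": "filebeat*", "timeFieldName": "@timestamp"},
})
VISUALIZATION_EXPORT = json.dumps({
    "id": "1eb85311-f901-11e8-864c-bd4880954537",
    "type": "visualization",
    "updated_at": "2018-12-06T09:00:00.000Z",
    "version": 1,
    "attributes": {
        "title": "filebeat server geoip",
        "visState": "{\"type\":\"tile_map\"}",
        "kibanaSavedObjectMeta": {
            # Assumption: in 6.x the index-pattern a visualization depends on is the "index"
            # key of this embedded JSON string (7.x moved it to a top-level "references" array).
            "searchSourceJSON": json.dumps({"index": "f1836c20-e880-11e8-8d66-7d7b4c3a5906",
                                            "query": {"query": "", "language": "lucene"}}),
        },
    },
})


def build_import_payload(exports):
    """Turn one or more saved_objects GET responses into a /api/kibana/dashboards/import body."""
    objects = []
    for raw in exports:
        obj = json.loads(raw)
        missing = {"id", "type", "attributes"} - set(obj)
        if missing:
            raise ValueError(f"export is missing {sorted(missing)}")
        # updated_at/version are response metadata, not part of the object: drop them.
        objects.append({k: obj[k] for k in ("id", "type", "attributes")})
    return {"objects": objects}


def dangling_index_patterns(payload):
    """List (object id, index-pattern id) pairs whose index-pattern is not in the same bundle.

    A visualization whose index-pattern is absent imports but cannot render (Kibana cannot
    locate the index-pattern), so ship the index-pattern first or in the same payload.
    """
    present = {o["id"] for o in payload["objects"] if o["type"] == "index-pattern"}
    dangling = []
    for o in payload["objects"]:
        meta = o["attributes"].get("kibanaSavedObjectMeta", {})
        if "searchSourceJSON" not in meta:
            continue
        idx = json.loads(meta["searchSourceJSON"]).get("index")
        if idx and idx not in present:
            dangling.append((o["id"], idx))
    return dangling


if __name__ == "__main__":
    bundle = build_import_payload([INDEX_PATTERN_EXPORT, VISUALIZATION_EXPORT])
    print(json.dumps(bundle, indent=2))  # pipe into curl ... -H "kbn-xsrf:true" -d @-
```

Run it once per bundle and refuse to POST if dangling_index_patterns returns anything; the index-pattern id the import uses must match the one the visualization embeds.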
1. After changing Logstash (new add_field entries or new grok fields), Kibana Discover's table shows the new fields, marked with a "!" icon because the index pattern does not know them yet.
2. In Kibana Management -> Index Patterns, click "Refresh field list" and the "!" disappears.
3. Some fields are set to type geo_point (in the index template), yet Kibana Discover still shows the field type as "text". Try deleting the index: a field's mapping is fixed when the index is created, and a template only applies to indices created after it was installed.
GET _cat/indices?v
GET _cat/indices?v&s=index
GET filebeat-6.5.1-2018.12.06
DELETE filebeat-6.5.1-2018.12.06
After deleting the index (the real index, not the index pattern) it is recreated on the next write, and the geo_point type is usually visible.
https://support.google.com/a/answer/60764
nslookup -q=TXT _spf.google.com 8.8.8.8
nslookup -q=TXT _netblocks.google.com 8.8.8.8
nslookup -q=TXT _netblocks2.google.com 8.8.8.8
nslookup -q=TXT _netblocks3.google.com 8.8.8.8
35.190.247.0/24
64.233.160.0/19
66.102.0.0/20
66.249.80.0/20
72.14.192.0/18
74.125.0.0/16
108.177.8.0/21
173.194.0.0/16
209.85.128.0/17
216.58.192.0/19
216.239.32.0/19
172.217.0.0/19
172.217.32.0/20
172.217.128.0/19
172.217.160.0/20
172.217.192.0/19
108.177.96.0/19
35.191.0.0/16
130.211.0.0/22
2001:4860:4000::/36
2404:6800:4000::/36
2607:f8b0:4000::/36
2800:3f0:4000::/36
2a00:1450:4000::/36
2c0f:fb50:4000::/36
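The check those nslookup results are meant for, as an added example (not from the page or from Google): walk the include: chain of an SPF record, collect the ip4/ip6 netblocks it authorizes, and test a sender address against them. The TXT table is an offline snapshot typed in here; the netblocks are exactly the page's list, while their split across the three _netblocks names and the include: chain in _spf.google.com follow Google's published layout and are an assumption, not a live lookup. The 10-lookup budget is the RFC 7208 limit that a real verifier enforces, which is also what stops a self-including record from looping.

```python
import ipaddress

# Constructed offline TXT table holding the records the nslookup commands above return.
TXT_RECORDS = {
    "_spf.google.com": "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all",
    "_netblocks.google.com": "v=spf1 ip4:35.190.247.0/24 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all",
    "_netblocks2.google.com": "v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all",
    "_netblocks3.google.com": "v=spf1 ip4:172.217.0.0/19 ip4:172.217.32.0/20 ip4:172.217.128.0/19 ip4:172.217.160.0/20 ip4:172.217.192.0/19 ip4:108.177.96.0/19 ip4:35.191.0.0/16 ip4:130.211.0.0/22 ~all",
}

# RFC 7208 section 4.6.4: more than 10 DNS-querying terms (include, a, mx, ptr, exists,
# redirect) during one evaluation is a permerror. Also what stops an include: loop.
MAX_DNS_LOOKUPS = 10


def collect_networks(domain, txt_lookup, budget=None):
    """Follow the include: chain from domain and return the ip4/ip6 networks it authorizes.

    txt_lookup(name) returns the SPF TXT record string or None. Only literal ip4:/ip6:
    terms and include: are interpreted here; a/mx/ptr/exists would need further DNS and are
    skipped, and the trailing all term carries no network of its own.
    """
    if budget is None:
        budget = [MAX_DNS_LOOKUPS]
    record = txt_lookup(domain)
    if record is None:
        raise LookupError(f"{domain}: no TXT record")
    if not record.lower().startswith("v=spf1"):
        raise ValueError(f"{domain}: not an SPF record")
    networks = []
    for term in record.split()[1:]:
        qualifier, term = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        if qualifier != "+":
            continue  # only pass-qualified mechanisms authorize a sender
        if term.startswith(("ip4:", "ip6:")):
            networks.append(ipaddress.ip_network(term[4:], strict=False))
        elif term.startswith("include:"):
            budget[0] -= 1
            if budget[0] < 0:
                raise ValueError("SPF lookup limit exceeded")
            networks.extend(collect_networks(term[len("include:"):], txt_lookup, budget))
    return networks


def check_spf(ip, domain, txt_lookup):
    """'pass' if ip sits in an authorized netblock, 'nomatch' if not (the record's all term,
    ~all here, then decides softfail vs fail), 'none' without a record, 'permerror' if broken."""
    try:
        networks = collect_networks(domain, txt_lookup)
    except LookupError:
        return "none"
    except ValueError:
        return "permerror"
    addr = ipaddress.ip_address(ip)
    # ipaddress returns False for an IPv4 address tested against an IPv6 network and vice versa.
    return "pass" if any(addr in net for net in networks) else "nomatch"


if __name__ == "__main__":
    for ip in ("74.125.10.20", "2a00:1450:4001::1", "8.8.8.8"):
        print(ip, check_spf(ip, "_spf.google.com", TXT_RECORDS.get))
```

Against a live resolver, replace TXT_RECORDS.get with a function that queries TXT for the name and returns the string starting with v=spf1; the lookup budget then matters, because an attacker-controlled include: chain is the usual way to drive a verifier into excessive DNS traffic.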
1. What are you trying to do? Articulate your objectives using absolutely no jargon, in language a layperson can understand.
2. How is it done today, and what are the limits of current practice? Why now?
3. Why you? What is new in your approach and why do you think it will be successful?
4. Who cares? If you are successful, what difference will it make?
5. What are the risks and payoffs?
6. How much will it cost?