1、filebeat /var/log/secure 2、 filter { grok { #type => "syslog" match => ["message", "%{SYSLOGBASE} Failed password for (invalid user |)%{USERNAME:username} from %{IP:src_ip} port %{BASE10NUM:port} ssh2"] add_tag => "ssh_brute_force_attack" } grok { #type => "syslog" match => ["message", "%{SYSLOGBASE} Accepted password for %{USERNAME:username} from %{IP:src_ip} port %{BASE10NUM:port} ssh2"] add_tag => "ssh_sucessful_login" } geoip { source => "src_ip" target => "geoip" add_tag => [ "ssh-geoip" ] add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ] add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ] add_field => [ "geoipflag", "true" ] } }

繼續閱讀

Step： ．Change Kibana & elk order. Now elk import template_filebeat, then wait logstash put log to elk. elk can get index EX:filebeat-6.4.2-2018.11.19 filebeat-6.4.2-2018.11.20 Then kibana import index-partten and set default. #!/bin/bash echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/main' >> /etc/apk/repositories echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/community' >> /etc/apk/repositories echo '@edge http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories apk --no-cache upgrade apk --no-cache add curl echo "=====Elk config ========" until echo | nc -z -v elasticsearch 9200; do echo "Waiting Elk Kibana to start.

繼續閱讀

https://www.mobile01.com/topicdetail.php?f=18&t=5638571&p=1 E8372h-153 https://shopee.tw/-%E7%8F%BE%E8%B2%A8-%E5%8F%AF%E5%9B%9E%E5%BE%A9%E5%87%BA%E5%BB%A0%E5%80%BC-%E4%BF%9D%E5%9B%BA%E4%B8%80%E5%B9%B4%EF%BC%BD%E8%8F%AF%E7%82%BA-E8372h-153-4G-Wifi%E5%88%86%E4%BA%AB-E8372-E8372-153-i.24086409.308705863

繼續閱讀

Fxxx kibana elk Now try to do again. But can’t get geo_point…. reindex no use No Use POST /_refresh POST /_flush/synced POST /_cache/clear Only do this can apply Wast time Fxxx system. ……………… ……………… ……………… ……………… ……………… ……………… ……………… ……………… ……………… ……………… ……………… ……………… ……………… ……………… ……………… very bad document, very bad change version…………Everythings is BAD for elk kibana 1、 Every time see this “PUT GET or DELETE” command. Use where ?

繼續閱讀

https://www.mobile01.com/topicdetail.php?f=291&t=5107288&p=1039#10381 聰明的投資者都是看財報，看法說會，一般網友說的會比較法說會及財報準嗎？我個人是不相信，所以我在追蹤一檔股票時，財報、法說會在我心目中才是第一，這才是專業的人給出的結果，這種結果可信度就非常的高

繼續閱讀

docker & docker-compose 一堆坑 FROM alpine RUN apk –no-cache upgrade RUN apk update &&\ apk add bash

繼續閱讀

Use chown 1000 xxxoo xxxooo file name logtest: build: context: logtest/ volumes: - ./logtest/logs:./logs:rw networks: - elk command: | /bin/sh -c '/bin/sh -s << EOF echo "Start filebeat...." filebeat run -c ./filebeat.yml -v & sleep 2 while [ ! -f ./logs/filebeat ] do sleep 2 done chown 1000 ./logs/filebeat tail -f /dev/null EOF'

繼續閱讀