• Home
  • Work
  • Blog
  • Security
  • Links
  • Archive for the ‘HowTos’ Category

    Elasticsearch + Nginx Access Log using Kibana and FileBeat


    2017 - 11.27

    Long time no see. Very short post today, very fast howto to implement access log logging to elasticsearch using simple utilities.

    First of all, I expect you have already setup your elastic cluster with Kibana or Grafana or whatever.

    (more…)

    Rsyslog + Elasticsearch/Redis backend template


    2016 - 09.19

    Here is example of template when using redis or Elasticsearch backend for rsyslog. Very usefull along with logstash and kibana.

     

    module(load="omhiredis")
    template(name="ls_json" type="list" option.json="on")
       { constant(value="{")
         constant(value="\"timestamp\":\"")         property(name="timegenerated" dateFormat="rfc3339")
         constant(value="\",\"message\":\"")         property(name="msg")
         constant(value="\",\"host\":\"")            property(name="fromhost")
         constant(value="\",\"host_ip\":\"")         property(name="fromhost-ip")
         constant(value="\",\"logsource\":\"")       property(name="fromhost")
         constant(value="\",\"severity_label\":\"")  property(name="syslogseverity-text")
         constant(value="\",\"severity\":\"")        property(name="syslogseverity")
         constant(value="\",\"facility_label\":\"")  property(name="syslogfacility-text")
         constant(value="\",\"facility\":\"")        property(name="syslogfacility")
         constant(value="\",\"program\":\"")         property(name="programname")
         constant(value="\",\"pid\":\"")             property(name="procid")
         constant(value="\",\"syslogtag\":\"")       property(name="syslogtag")
         constant(value="\"}\n")
       } 
    *.* action(
      name="push_redis"
      type="omhiredis"
      server="127.0.0.1"
      mode="queue"
      key="syslog"
      template="ls_json"
    )
    
    

     

    How to handle thousands of reports from servers – Logstash, ElasticSearch, Kibana


    2015 - 06.05

    Many services and server audit utilities like logcheck, logwatch, cron daemon, aide, ZRM, etc. are sending emails to local user or root. Some of them, can be easily configured but some of them not.

    Best way in my case is to deal with emails directly, but how ?

    (more…)

    Gitolite recover from lost authorized_keys


    2015 - 03.19

    Sometimes bad things happed and you have to recover your git server from backup or you have corrupted authorized_keys for git user.

    First of all, you should know what paths and user you using. For this example we have:

    User: git

    Home: /home/git

    Repositories: /data/git (linked into /home/git as repositories)

    (more…)

    Command Line Tool for iRedMail (MySQL backend only)


    2014 - 03.13

    Hi,

    if anyone is interested in  open source mail server solution iRedMail and use MySQL as backend should now use my small cli script. Script has limited functions but it’s perfect for things like importing new domains or creating many email accounts.

    Script is opensource and use some functions from original iredadmin web management. So you need iredadmin installed, which is default option.

    iRedMail CLI Tool on Github

    (more…)

    HowTo use Grub rescue mode


    2013 - 06.07

    Sometimes when you upgrade or migrate your linux from one disk to another, boot should hang out on line  “grub rescue>“,

    what now ?

    (more…)