2019年3月29日 星期五
Graylog Installation Record
[aws-pls-mongo1b] Shell record
$mkdir mongo
$sudo vi /etc/yum.repos.d/mongodb-org-3.6.repo file
[mongodb-org-3.6]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/amazon/2013.03/mongodb-org/3.6/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc
$sudo yum install -y mongodb-org
<ulimit settings for mongo>
$ sudo su
ulimit -f unlimited
ulimit -t unlimited
ulimit -v unlimited
ulimit -l unlimited
ulimit -n 64000
ulimit -m unlimited
<Verify>
ulimit -u 64000
reboot now
ulimit -a
$sudo service mongod status
$sudo service mongod start
$sudo service mongod status
$sudo chkconfig mongod on
$sudo vi /etc/mongod.conf
# network interfaces
net:
port: 27017
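bindIp: 0.0.0.0 # 0.0.0.0 listens on all interfaces; use 127.0.0.1 to listen on the local interface only. No MongoDB authentication is set up in this record, so limit port 27017 to the Graylog host with security groups.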
$sudo service mongod stop
$sudo service mongod start
$sudo service mongod status
# Verification and Passed
$ mongo --host 10.104.187.162:27017
mongo --host LB-PLS-BETA-MONGO-INT-77e51851111d7088.elb.us-west-2.amazonaws.com:27017
================================================
[aws-pls-elastic1b] Shell record
$ sudo yum install -y java
$ sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.5.4.rpm
$ sudo rpm --install elasticsearch-6.5.4.rpm
$ sudo systemctl start elasticsearch.service
$ sudo systemctl status elasticsearch.service
$ sudo vi /etc/elasticsearch/elasticsearch.yml
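network.host: 0.0.0.0 # all interfaces; the curl checks below reach port 9200 from other hosts over plain HTTP with no credentials, so restrict it to the Graylog host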
http.port: 9200
$ sudo vi /etc/elasticsearch/jvm.options
-Xms4g
-Xmx4g
$ sudo systemctl restart elasticsearch.service
$ sudo systemctl status elasticsearch.service
# Verification and Passed
$ sudo curl "http://127.0.0.1:9200/_cat/nodes"
$ sudo curl "http://localhost:9200/_cat/nodes"
$ sudo curl "http://10.104.187.148:9200/_cat/nodes"
$ sudo curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
$ sudo curl -XGET 'http://127.0.0.1:9200/_cluster/health?pretty=true'
$ sudo curl -XGET "http://10.104.187.148:9200/_cluster/health?pretty=true"
[ec2-user@ip-10-104-187-162 ~]$ sudo curl "http://10.104.187.148:9200/_cat/nodes"
10.104.187.148 4 66 0 0.10 0.12 0.05 mdi * 4wlbKCJ
[ec2-user@ip-10-104-187-145 ~]$ sudo curl "http://10.104.187.148:9200/_cat/nodes"
10.104.187.148 3 67 1 0.02 0.05 0.01 mdi * 4wlbKCJ
[ec2-user@ip-10-104-187-145 ~]$ sudo curl "http://LB-PLS-BETA-ES-INT-78477d32e333724d.elb.us-west-2.amazonaws.com:9200/_cat/nodes"
10.104.187.148 3 67 1 0.02 0.05 0.01 mdi * 4wlbKCJ
[ec2-user@ip-10-104-187-145 ~]$ sudo curl "http://LB-PLS-BETA-ES-INT-78477d32e333724d.elb.us-west-2.amazonaws.com:9200/_cat/nodes"
10.104.187.148 5 67 0 0.00 0.00 0.00 mdi * 4wlbKCJ
sudo curl -XGET "http://LB-PLS-BETA-ES-INT-78477d32e333724d.elb.us-west-2.amazonaws.com:9200/_cluster/health?pretty=true"
================================================
<Passed>
telnet 10.104.187.148 9200
telnet 10.104.187.162 27017
<Passed>
LB-PLS-BETA-ES-INT-78477d32e333724d.elb.us-west-2.amazonaws.com
LB-PLS-BETA-MONGO-INT-77e51851111d7088.elb.us-west-2.amazonaws.com
telnet LB-PLS-BETA-ES-INT-78477d32e333724d.elb.us-west-2.amazonaws.com 9200
telnet LB-PLS-BETA-MONGO-INT-77e51851111d7088.elb.us-west-2.amazonaws.com 27017
sudo curl -XGET "http://LB-PLS-BETA-ES-INT-78477d32e333724d.elb.us-west-2.amazonaws.com:9200/_cluster/health?pretty=true"
[aws-pls-graylog1b] Shell record
$ sudo yum update
$ sudo yum install -y java
$ wget https://packages.graylog2.org/releases/graylog/graylog-2.5.1.tgz
https://packages.graylog2.org/releases/graylog/graylog-2.5.1.tgz
https://packages.graylog2.org/repo/packages/graylog-2.5-repository_latest.rpm
https://packages.graylog2.org/repo/packages/graylog-2.5-repository_latest.rpm
$ tar xvfz graylog-2.5.1.tgz
$ sudo mkdir /etc/graylog
$ sudo mkdir /etc/graylog/server/
$ sudo cp ~/graylog-2.5.1/graylog.conf.example /etc/graylog/server/server.conf
$ sudo vi /etc/graylog/server/server.conf
<1>*
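# NOTE: the root_password_sha2 below is the SHA-256 of "admin" (see the sha256sum output further down); set a strong root password and a long random password_secret before the web interface is reachable by others.
password_secret = sKzW2vDDkqOQTrKC
root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918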
elasticsearch_shards = 1
elasticsearch_hosts = http://LB-PLS-BETA-ES-INT-78477d32e333724d.elb.us-west-2.amazonaws.com:9200
mongodb_uri = mongodb://LB-PLS-BETA-MONGO-INT-77e51851111d7088.elb.us-west-2.amazonaws.com/graylog
rest_listen_uri = http://10.104.187.145:9000/api/
web_listen_uri = http://10.104.187.145:9000/
=>
rest_listen_uri = http://0.0.0.0:9000/api/
web_listen_uri = http://0.0.0.0:9000/
telnet 10.104.187.148 9200
telnet 10.104.187.162 27017
<2>
password_secret = sKzW2vDDkqOQTrKC
root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
elasticsearch_shards = 4
elasticsearch_hosts = http://10.104.187.148:9200
mongodb_uri = mongodb://10.104.187.162/graylog
rest_listen_uri = http://10.104.187.145:9000/api/
===================================================================
Configure at least the following variables in /etc/graylog/server/server.conf:
***
# List of Elasticsearch hosts Graylog should connect to.
# Need to be specified as a comma-separated list of valid URIs for the http ports of your elasticsearch nodes.
# If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that
# requires authentication.
#
# Default: http://127.0.0.1:9200
#elasticsearch_hosts = http://node1:9200,http://user:password@node2:19200
# MongoDB connection string
# See https://docs.mongodb.com/manual/reference/connection-string/ for details
<add>
mongodb_uri = mongodb://LB-PLS-BETA-MONGO-INT-77e51851111d7088.elb.us-west-2.amazonaws.com/graylog
# Authenticate against the MongoDB server
#mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog
# Use a replica set instead of a single host
#mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog
***
root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
elasticsearch_shards = 1
elasticsearch_hosts = http://LB-PLS-BETA-ES-INT-78477d32e333724d.elb.us-west-2.amazonaws.com:9200
mongodb_uri = mongodb://LB-PLS-BETA-MONGO-INT-77e51851111d7088.elb.us-west-2.amazonaws.com/graylog
#New ES
elasticsearch_hosts = https://vpc-pls-log-nonprod-jql2okbojnqn5npwbkbo5qjsgy.us-west-2.es.amazonaws.com
[ec2-user@ip-10-104-187-145 ~]$ echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Enter Password: admin
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
===================================================================
Starting the server
$ sudo ./bin/graylogctl start
Starting graylog-server ...
$ sudo ./bin/graylogctl status
graylog-server running with PID 4175
$ sudo ./bin/graylogctl stop
Stopping graylog-server (4175) ...
Waiting for graylog-server to halt.
graylog-server stopped
$ tail ./log/graylog-server.log
Verification
http://10.104.187.145:9000
http://lb-pls-beta-graylog-int-51246890d683260e.elb.us-west-2.amazonaws.com:9000/gettingstarted
echo `date` | nc 10.104.187.145 12201
echo `date` | nc graylog-test.bapls.net 12201
http://graylog-test.bapls.net:9000
graylog-test.bapls.net
===========================================================
Sending in log data
http://docs.graylog.org/en/2.5/pages/sending_data.html
**Sending GELF messages via HTTP using curl
curl -XPOST http://10.104.187.145:12202/gelf -p0 -d '{"short_message":"Hello there IP0124", "host":"tw-pls-ta-dock", "facility":"test", "_foo":"bar"}'
curl -XPOST http://graylog-test.bapls.net:12202/gelf -p0 -d '{"short_message":"Hello there FQDN0124", "host":"tw-pls-ta-dock", "facility":"test", "_foo":"bar"}'
curl -XPOST http://LB-PLS-BETA-GRAYLOG-INT-51246890d683260e.elb.us-west-2.amazonaws.com:12202/gelf -p0 -d '{"short_message":"Hello there FQDN0124", "host":"tw-pls-ta-dock", "facility":"test", "_foo":"bar"}'
**Sending GELF messages via TCP using netcat
echo -n -e '{ "version": "1.1", "host": "tw-pls-ta-dock2", "short_message": "A short message by IP0124", "level": 5, "_some_info": "foo" }'"\0" | nc -w0 10.104.187.145 12201
echo -n -e '{ "version": "1.1", "host": "tw-pls-ta-dock2", "short_message": "A short message by FQDN0124", "level": 5, "_some_info": "foo" }'"\0" | nc -w0 graylog-test.bapls.net 12201
echo -n -e '{ "version": "1.1", "host": "tw-pls-ta-dock2", "short_message": "A short message by FQDN0124", "level": 5, "_some_info": "foo" }'"\0" | nc -w0 LB-PLS-BETA-GRAYLOG-INT-51246890d683260e.elb.us-west-2.amazonaws.com 12201
Sending via the FQDN does not seem to work reliably??
Testing Telnet 12201 port
max@tw-pls-ta-dock2:~$ telnet 10.104.187.145 12201
Trying 10.104.187.145...
Connected to 10.104.187.145.
Escape character is '^]'.
max@tw-pls-ta-dock2:~$ telnet graylog-test.bapls.net 12201
Trying 10.104.187.171...
Connected to lb-pls-beta-graylog-int-51246890d683260e.elb.us-west-2.amazonaws.com.
Escape character is '^]'.
Test curl http post
max@tw-pls-ta-dock2:~$ curl -XPOST http://10.104.187.145:12202/gelf -p0 -d '{"short_message":"Hello there IP1", "host":"example.org", "facility":"test", "_foo":"bar"}'
max@tw-pls-ta-dock2:~$ curl -XPOST http://graylog-test.bapls.net:12202/gelf -p0 -d '{"short_message":"Hello there FQDN1", "host":"example.org", "facility":"test", "_foo":"bar"}'
curl -XPOST http://graylog-test.bapls.net:12202/gelf -p0 -d '{"short_message":"Hello there FQDN1", "host":"example.org", "facility":"test", "_foo":"bar"}'
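# NOTE: the URL must be quoted, otherwise the shell treats "&" as a background operator and the cause parameter is never sent; the -u credential, crumb and token= value given on the command line also end up in shell history and the process list.
curl -X POST -u "ext_maxm:03e1ef098a609c3718cd3e10322a3acf" -H "Jenkins-Crumb:a32e3694b05057ca7942ae3d8d692693" "http://tw-pls-jenk1.client.tw.trendnet.org:8080/view/Operation/view/2_Stage/job/DRI_PVT_STG_aws-pls-dris1s/buildWithParameters?token=thisismysecret&cause=trigger+by+shavlik+POC"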
Invoke-RestMethod -Uri http://graylog-test.bapls.net:12202/gelf -Method POST '{"short_message":"Hello there FQDN1", "host":"example.org", "facility":"test", "_foo":"bar"}'
Invoke-RestMethod -Uri http://10.104.187.145:12202/gelf -Method GET
$Url = "http://graylog-test.bapls.net:9000"
Invoke-RestMethod -Uri $url -Method Get
Test curl http
curl http://10.104.187.145:12202
<No Message Returned>
curl http://graylog-test.bapls.net:9000
<Some Returned>
==========================================
curl -o certificaterequest.csv --user certreport:Cert#Report9 'http://siteaddress/Reports/CertificateReport?starttime=2014-02-01T00:00:00&endtime=2014-05-01T00:00:00'
$cred = Get-Credential #will prompt you to enter username and password
$csv="d:\output.csv"
$url="url"
Invoke-RestMethod -Uri $url -OutFile $csv -Credential $cred
curl -XPOST http://10.104.187.145:12202/gelf -p0 -d '{"short_message":"Hello there IP1", "host":"example.org", "facility":"test", "_foo":"bar"}'
echo -n -e '{ "version": "1.1", "host": "example.orgIP", "short_message": "A short message", "level": 5, "_some_info": "foo" }'"\0" | nc -w0 10.104.187.145 12201
$Url = "http://10.104.187.145:9000"
Invoke-RestMethod -Uri $url -Method Get
$Url = "http://10.104.187.145:12202"
$body= "Test"
Invoke-RestMethod -Uri $url -Method Post -Body $body -ContentType 'application/json' -Headers $hdrs
2019年3月13日 星期三
git commands
git commands
clone
branch
checkout branch##git to switch branch
add .
commit -m "####"
push
git push --set-upstream origin max
remote: Repository not found.
fatal: repository 'https://adc.github.trendmicro.com/BA-PLS/cd-gcs.git/' not found ??
$ git push
fatal: The current branch kk has no upstream branch.
To push the current branch and set the remote as upstream, use
git push --set-upstream origin kk
ext_maxm@tw-maxmu MINGW64 ~/maxTestRepo (kk)
$ git push --set-upstream origin kk
Total 0 (delta 0), reused 0 (delta 0)
To https://adc.github.trendmicro.com/ext-maxm/maxTestRepo.git
* [new branch] kk -> kk
Branch 'kk' set up to track remote branch 'kk' from 'origin'.
ext_maxm@tw-maxmu MINGW64 ~/maxTestRepo (kk)
$
ext_maxm@tw-maxmu MINGW64 ~/maxTestRepo (kk)
==========================================
0308 all process
>git pull
>git branch ReadFromLast2FALSE
>git checkout ReadFromLast2FALSE
>git branch
* ReadFromLast2FALSE
add_lmp
master
max0305
max0307
max2
>git add .
Edit code
>git add .
>git commit -m "ReadFromLast TRUE2FALSE"
[ReadFromLast2FALSE 1fb8ed5] ReadFromLast TRUE2FALSE
Committer: Max Mu (EXT-TW) <max_mu@trendmicro.com>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly. Run the
following command and follow the instructions in your editor to edit
your configuration file:
git config --global --edit
After doing this, you may fix the identity used for this commit with:
git commit --amend --reset-author
4 files changed, 32 insertions(+), 20 deletions(-)
>git tag "1.2.12"
>git push
(or >git push --set-upstream origin add_lmp)
>git push --tags
clone
branch
checkout branch##git to switch branch
add .
commit -m "####"
push
git push --set-upstream origin max
remote: Repository not found.
fatal: repository 'https://adc.github.trendmicro.com/BA-PLS/cd-gcs.git/' not found ??
$ git push
fatal: The current branch kk has no upstream branch.
To push the current branch and set the remote as upstream, use
git push --set-upstream origin kk
ext_maxm@tw-maxmu MINGW64 ~/maxTestRepo (kk)
$ git push --set-upstream origin kk
Total 0 (delta 0), reused 0 (delta 0)
To https://adc.github.trendmicro.com/ext-maxm/maxTestRepo.git
* [new branch] kk -> kk
Branch 'kk' set up to track remote branch 'kk' from 'origin'.
ext_maxm@tw-maxmu MINGW64 ~/maxTestRepo (kk)
$
ext_maxm@tw-maxmu MINGW64 ~/maxTestRepo (kk)
==========================================
0308 all process
>git pull
>git branch ReadFromLast2FALSE
>git checkout ReadFromLast2FALSE
>git branch
* ReadFromLast2FALSE
add_lmp
master
max0305
max0307
max2
>git add .
Edit code
>git add .
>git commit -m "ReadFromLast TRUE2FALSE"
[ReadFromLast2FALSE 1fb8ed5] ReadFromLast TRUE2FALSE
Committer: Max Mu (EXT-TW) <max_mu@trendmicro.com>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly. Run the
following command and follow the instructions in your editor to edit
your configuration file:
git config --global --edit
After doing this, you may fix the identity used for this commit with:
git commit --amend --reset-author
4 files changed, 32 insertions(+), 20 deletions(-)
>git tag "1.2.12"
>git push
(or >git push --set-upstream origin add_lmp)
>git push --tags