About This Club

Tools that are used in the IT world

  1. What's new in this club
  2. Here you will find some examples of how to utilize Splunk in different ways.

     Example of how to find all hostnames and source files that are reporting data for a sourcetype:

     [code]index=* sourcetype="f5:bigip:syslog" hostname="*" | stats count by hostname host source[/code]

     This example will show you hostname, source and the stats per device, so you can identify whether all your devices are reporting to Splunk as you thought, and also which devices are reporting a lot of data (maybe debug is turned on).

     Another pretty quick query that I prefer is this one:

     [code]| tstats count as totalCount earliest(_time) as firstTime latest(_time) as lastTime where index="*" sourcetype="f5:bigip:syslog" by host sourcetype
     | fieldformat firstTime=strftime(firstTime,"%Y/%m/%d %H:%M:%S")
     | fieldformat lastTime=strftime(lastTime,"%Y/%m/%d %H:%M:%S")[/code]
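Added example (not from the post above): the same two checks done offline in Python over a handful of constructed f5:bigip:syslog-style events, so you can see what the stats/tstats output is actually answering. `stats_by` mirrors `stats count by hostname host source`, `tstats_summary` mirrors the tstats search with its firstTime/lastTime formatting, and `find_gaps` turns that into the three lists a log-coverage review wants: devices that never reported, devices that went quiet, and devices flooding the index. The host names, timestamps and thresholds are made up for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Same strftime pattern as the fieldformat lines in the tstats query
TIME_FMT = "%Y/%m/%d %H:%M:%S"

# Constructed sample events, not real F5 data. Each tuple carries the fields the
# two searches group on: _time, host (as the indexer sees it), hostname (from the
# syslog message) and source (the log file on the device).
SAMPLE_EVENTS = [
    ("2014/08/18 18:00:01", "lb1", "lb1.example.net", "/var/log/ltm"),
    ("2014/08/18 18:05:00", "lb1", "lb1.example.net", "/var/log/ltm"),
    ("2014/08/18 18:40:00", "lb1", "lb1.example.net", "/var/log/audit"),
    # lb3 reported once, long before the rest: a device that went quiet
    ("2014/08/18 17:10:00", "lb3", "lb3.example.net", "/var/log/ltm"),
] + [
    # lb2 chatters every four minutes, as a device left in debug logging would
    ("2014/08/18 18:%02d:00" % m, "lb2", "lb2.example.net", "/var/log/ltm")
    for m in (2, 6, 10, 14, 18, 22, 26, 30)
]


def parse_time(value):
    return datetime.strptime(value, TIME_FMT)


def stats_by(events):
    """Equivalent of '| stats count by hostname host source'."""
    counts = defaultdict(int)
    for _time, host, hostname, source in events:
        counts[(hostname, host, source)] += 1
    return dict(counts)


def tstats_summary(events):
    """Equivalent of the tstats search: totalCount, firstTime and lastTime per
    host, with the timestamps rendered through the same strftime pattern."""
    seen = {}
    for _time, host, _hostname, _source in events:
        ts = parse_time(_time)
        entry = seen.setdefault(host, {"count": 0, "first": ts, "last": ts})
        entry["count"] += 1
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
    return {
        host: {
            "totalCount": e["count"],
            "firstTime": e["first"].strftime(TIME_FMT),
            "lastTime": e["last"].strftime(TIME_FMT),
        }
        for host, e in seen.items()
    }


def find_gaps(events, expected_hosts, silent_after=timedelta(minutes=30),
              noisy_share=0.5):
    """Turn the per-host summary into the three answers the post is after:
    hosts that never reported, hosts that went quiet (lastTime older than
    silent_after relative to the newest event seen), and hosts carrying more
    than noisy_share of all events (a hint that debug logging was left on)."""
    summary = tstats_summary(events)
    missing = sorted(h for h in expected_hosts if h not in summary)
    if not summary:
        return {"missing": missing, "silent": [], "noisy": []}
    total = sum(e["totalCount"] for e in summary.values())
    newest = max(parse_time(e["lastTime"]) for e in summary.values())
    silent = sorted(h for h, e in summary.items()
                    if newest - parse_time(e["lastTime"]) > silent_after)
    noisy = sorted(h for h, e in summary.items()
                   if e["totalCount"] / total > noisy_share)
    return {"missing": missing, "silent": silent, "noisy": noisy}


if __name__ == "__main__":
    for key, n in sorted(stats_by(SAMPLE_EVENTS).items()):
        print("%-16s %-4s %-15s %d" % (key + (n,)))
    print(find_gaps(SAMPLE_EVENTS, ["lb1", "lb2", "lb3", "lb4"]))
```

The expected-host list is the part Splunk cannot give you: a device that never sent a single event has no row in `stats` or `tstats`, so the inventory has to come from outside the index (CMDB, the F5 device list) and be diffed against what was seen.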
  3. This is what I have working at the moment. All the remote devices just point to an Ubuntu box that is running syslog-ng.

     [code]$ cat /etc/syslog-ng/syslog-ng.conf
     @version: 3.5
     @include "scl.conf"
     @include "`scl-root`/system/tty10.conf"

     # Syslog-ng configuration file, compatible with default Debian syslogd
     # installation.

     # First, set some global options.
     options {
         flush_lines(0);
         use_dns(persist_only);
         use_fqdn(yes);
         owner(root);
         group(adm);
         perm(0640);
         stats_freq(0);
         bad_hostname("^gconfd$");
         normalize_hostnames(yes);
         keep_hostname(yes);
         create_dirs(yes);
     };

     ########################
     # Sources
     ########################
     source s_local { system(); internal(); };

     source s_stunnel {
         # tcp(ip("127.0.0.1")
         tcp( port(1000) max-connections(100));
     };

     source s_udp { udp(); };

     ########################
     # Filters
     ########################
     filter f_emerg { level (emerg); };
     filter f_alert { level (alert .. emerg); };
     filter f_crit { level (crit .. emerg); };
     filter f_err { level (err .. emerg); };
     filter f_warning { level (warning .. emerg); };
     filter f_notice { level (notice .. emerg); };
     filter f_info { level (info .. emerg); };
     filter f_debug { level (debug .. emerg); };

     # Facility Filters
     filter f_kern { facility (kern); };
     filter f_user { facility (user); };
     filter f_mail { facility (mail); };
     filter f_daemon { facility (daemon); };
     filter f_auth { facility (auth); };
     filter f_syslog { facility (syslog); };
     filter f_lpr { facility (lpr); };
     filter f_news { facility (news); };
     filter f_uucp { facility (uucp); };
     filter f_cron { facility (cron); };
     filter f_local0 { facility (local0); };
     filter f_local1 { facility (local1); };
     filter f_local2 { facility (local2); };
     filter f_local3 { facility (local3); };
     filter f_local4 { facility (local4); };
     filter f_local5 { facility (local5); };
     filter f_local6 { facility (local6); };
     filter f_local7 { facility (local7); };

     # Custom Filters
     filter f_user_none { not facility (user); };
     filter f_kern_debug { filter (f_kern) and filter (f_debug); };
     filter f_daemon_notice { filter (f_daemon) and filter (f_notice); };
     filter f_mail_crit { filter (f_mail) and filter (f_crit); };
     filter f_mesg { filter (f_kern_debug) or filter (f_daemon_notice) or filter (f_mail_crit); };
     filter f_authinfo { filter (f_auth) or program (sudo); };

     ########################
     # Destinations
     ########################
     destination l_authlog { file ("/var/log/authlog"); };
     destination l_messages { file ("/var/log/messages"); };
     destination l_maillog { file ("/var/log/maillog"); };
     destination l_info { file ("/var/log/info"); };
     destination l_ipflog { file ("/var/log/ipflog"); };
     #destination l_debug { file ("/var/log/debug"); };
     destination l_imaplog { file ("/var/log/imaplog"); };
     destination l_syslog { file ("/var/log/syslog"); };
     destination l_console { file ("/dev/console"); };

     destination r_authlog { file ("/var/log/clients/$YEAR/$MONTH/$HOST/authlog"); };
     destination r_messages { file ("/var/log/clients/$YEAR/$MONTH/$HOST/messages"); };
     destination r_maillog { file ("/var/log/clients/$YEAR/$MONTH/$HOST/maillog"); };
     destination r_info { file ("/var/log/clients/$YEAR/$MONTH/$HOST/info"); };
     destination r_ipflog { file ("/var/log/clients/$YEAR/$MONTH/$HOST/ipflog"); };
     #destination r_debug { file
     #        ("/var/log/clients/$YEAR/$MONTH/$HOST/debug"); };
     destination r_imaplog { file ("/var/log/clients/$YEAR/$MONTH/$HOST/imaplog"); };
     destination r_console { file ("/var/log/clients/$YEAR/$MONTH/$HOST/consolelog"); };
     destination r_syslog { file ("/var/log/clients/$YEAR/$MONTH/$HOST/syslog"); };
     destination r_fallback { file ("/var/log/clients/$YEAR/$MONTH/$HOST/$FACILITY-$LEVEL"); };

     ########################
     # Log paths
     ########################
     # Local sources
     log { source (s_local); filter (f_authinfo); destination (l_authlog); };
     log { source (s_local); filter (f_mail); destination (l_maillog); };
     log { source (s_local); filter (f_info); destination (l_info); };
     log { source (s_local); filter (f_local0); destination (l_ipflog); };
     #log { source (s_local); filter (f_debug); destination (l_debug); };
     log { source (s_local); filter (f_local1); destination (l_imaplog); };
     log { source (s_local); filter (f_syslog); destination (l_syslog); };
     log { source (s_local); filter (f_emerg); filter (f_user_none); destination (l_console); };
     log { source (s_local); filter (f_mesg); filter (f_user_none); destination (l_messages); };

     # All sources, since we want to archive local and remote logs
     log { source (s_local); source (s_stunnel); filter (f_authinfo); destination (r_authlog); };
     log { source (s_local); source (s_stunnel); filter (f_mail); destination (r_maillog); };
     log { source (s_local); source (s_stunnel); filter (f_info); destination (r_info); };
     log { source (s_local); source (s_stunnel); filter (f_local0); destination (r_ipflog); };
     #log { source (s_local); source (s_stunnel); filter (f_debug);
     #      destination (r_debug); };
     log { source (s_local); source (s_stunnel); filter (f_local1); destination (r_imaplog); };
     log { source (s_local); source (s_stunnel); filter (f_syslog); destination (r_syslog); };
     log { source (s_local); source (s_stunnel); filter (f_emerg); filter (f_user_none); destination (l_console); };
     log { source (s_local); source (s_stunnel); filter (f_mesg); filter (f_user_none); destination (l_messages); };

     ###
     # Include all config files in /etc/syslog-ng/conf.d/
     ###
     @include "/etc/syslog-ng/conf.d/*.conf"[/code]
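Added example (not part of the post, and not a syslog-ng tool): a small Python lint for the kind of configuration shown above. It collects every `source`, `filter` and `destination` definition, every `source (...)`, `filter (...)` and `destination (...)` reference inside `log {}` paths and compound filters, and reports objects that are defined but never wired into a path, plus references to objects that do not exist. The embedded configuration is a condensed, constructed copy of the posted file; on it the check reports `s_udp` and `r_fallback` as defined but unused, which is also true of the full file above (where `r_console` and several of the Debian template's facility filters are in the same state). A listener such as `s_udp` that is bound but feeds no log path is exactly the sort of thing worth catching: the port is open, the data is accepted, and nothing is written anywhere.

```python
import re

# Condensed, constructed copy of the posted syslog-ng.conf (not the real file):
# enough of each section to exercise the check.
SAMPLE_CONF = """
@version: 3.5
options { use_dns(persist_only); create_dirs(yes); };

source s_local { system(); internal(); };
source s_stunnel {
    # tcp(ip("127.0.0.1")
    tcp( port(1000) max-connections(100));
};
source s_udp { udp(); };

filter f_auth { facility (auth); };
filter f_mail { facility (mail); };
filter f_authinfo { filter (f_auth) or program (sudo); };

destination l_authlog { file ("/var/log/authlog"); };
destination r_authlog { file ("/var/log/clients/$YEAR/$MONTH/$HOST/authlog"); };
destination r_maillog { file ("/var/log/clients/$YEAR/$MONTH/$HOST/maillog"); };
destination r_fallback { file ("/var/log/clients/$YEAR/$MONTH/$HOST/$FACILITY-$LEVEL"); };
#destination r_debug { file
#       ("/var/log/clients/$YEAR/$MONTH/$HOST/debug"); };

log { source (s_local); filter (f_authinfo); destination (l_authlog); };
log { source (s_local); source (s_stunnel); filter (f_authinfo); destination (r_authlog); };
log { source (s_local); source (s_stunnel); filter (f_mail); destination (r_maillog); };
#log { source (s_local); source (s_stunnel); filter (f_debug);
#      destination (r_debug); };
"""

# 'source NAME {', 'filter NAME {' or 'destination NAME {' at the start of a line
DEF_RE = re.compile(r"^\s*(source|filter|destination)\s+(\w+)\s*\{", re.M)
# 'source (NAME)', 'filter (NAME)' or 'destination (NAME)' anywhere, i.e. a use
# inside a log {} path or inside another filter
REF_RE = re.compile(r"\b(source|filter|destination)\s*\(\s*(\w+)\s*\)")


def strip_comments(text):
    """Drop '#' comments so commented-out objects count as neither defined nor
    used. Line-based and unaware of quoted strings, which this file does not
    need."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def lint(conf_text):
    """Return objects that are defined but never referenced, and references to
    objects that are never defined, both as sorted (kind, name) tuples."""
    text = strip_comments(conf_text)
    defined = set(DEF_RE.findall(text))
    referenced = set(REF_RE.findall(text))
    return {
        "unused": sorted(defined - referenced),
        "undefined": sorted(referenced - defined),
    }


if __name__ == "__main__":
    import sys
    # Pass a path to check a real file; with no argument the sample is used.
    conf = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    report = lint(conf)
    for kind, name in report["unused"]:
        print("defined but never used: %s %s" % (kind, name))
    for kind, name in report["undefined"]:
        print("referenced but never defined: %s %s" % (kind, name))
```

A reference to an undefined object would make syslog-ng itself refuse the file, so the "undefined" list mostly matters while editing; the "unused" list is the one syslog-ng stays quiet about.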
  4. [code]>hpiLO-> help
     status=0
     status_tag=COMMAND COMPLETED
     Mon Aug 18 18:39:01 2014

     DMTF SMASH CLP Commands:
     help    : Used to get context sensitive help.
     show    : Used to display values of a property or contents of a collection target.
     show -a : Recursively show all targets within the current target.
     show -l : Recursively show targets within the current target based on 'level' specified. Valid values for 'level' is from 1 to 9.
     create  : Used to create new instances in the name space of the MAP.
               Example: create /map1/accounts1 username= password= name= group=
     delete  : Used to destroy instances in the name space of the MAP.
               Example: delete /map1/accounts1/
     load    : Used to move a binary image from an URL to the MAP.
               Example : load /map1/firmware1 -source http://192.168.1.1/images/fw/iLO4_100.bin
     reset   : Causes a target to cycle from enabled to disabled and back to enabled.
     set     : Used to set a property or set of properties to a specific value.
     start   : Used to cause a target to change state to a higher run level.
     stop    : Used to cause a target to change state to a lower run level.
     cd      : Used to set the current default target.
               Example: cd targetname
     date    : Used to get the current date.
     time    : Used to get the current time.
     exit    : Used to terminate the CLP session.
     version : Used to query the version of the CLP implementation or other CLP elements.
     oemhp_ping : Used to determine if an IP address is reachable from this iLO.
               Example : oemhp_ping 192.168.1.1 , where 192.168.1.1 is the IP address that you wish to ping
     oemhp_loadSSHKey : Used to authorize a SSH Key File from an URL.
               Example : oemhp_loadSSHKey -source http://UserName:[email protected]/images/SSHkey1.pub
     oemhp_deleteSSHKey : Used to remove a SSH Key associated with a user
               Example : oemhp_deleteSSHKey

     HP CLI Commands:
     POWER    : Control server power.
     UID      : Control Unit-ID light.
     NMI      : Generate an NMI.
     VM       : Virtual media commands.
     LANGUAGE : Command to set or get default language
     VSP      : Invoke virtual serial port.
     TEXTCONS : Invoke Remote Text Console.
     >hpiLO->[/code]
  5. What a cool command you can run on your Cisco IOS switches:

     [code]Switch#sho int capabilities mod 5
     GigabitEthernet5/1
       Model:                 WS-X4548-GB-RJ45V-RJ-45
       Type:                  10/100/1000-TX
       Speed:                 10,100,1000,auto
       Duplex:                half,full,auto
       Auto-MDIX:             no
       Trunk encap. type:     802.1Q,ISL
       Trunk mode:            on,off,desirable,nonegotiate
       Channel:               yes
       Broadcast suppression: percentage(0-100), sw
       Flowcontrol:           rx-(off,on,desired),tx-(off,on,desired)
       VLAN Membership:       static, dynamic
       Fast Start:            yes
       Queuing:               rx-(N/A), tx-(1p3q1t, Shaping)
       CoS rewrite:           yes
       ToS rewrite:           yes
       Inline power:          yes (Cisco Voice Protocol/IEEE Protocol 802.3af)
       SPAN:                  source/destination
       UDLD:                  yes
       Link Debounce:         no
       Link Debounce Time:    no
       Port Security:         yes
       Dot1x:                 yes
       Maximum MTU:           1552 bytes (Baby Giants)
       Multiple Media Types:  no
       Diagnostic Monitoring: N/A[/code]
  6. Send job to background

     Syntax
     [code]bg[/code]

     Options:
       If PID is specified, the jobs with the specified group ids are put in the background.

     Send the specified jobs to the background. A background job is executed simultaneously with fish, and does not have access to the keyboard. If no job is specified, the last job to be used is put in the background. The PID of the desired process is usually found by using process expansion.

     Example
     Put the job with job id 0 in the background:
     [code]bg %0[/code]

     "I'm not kidding myself, my voice is ordinary. If I stand still while I'm singing, I might as well go back to driving a truck" - Elvis Presley

     Related bash commands: fg - Send job to foreground
  7. An arbitrary precision calculator language

     Syntax
     [code]bc options file...[/code]

     Options:
       -h, --help          Print the usage and exit.
       file                A file containing the calculations/functions to perform. May be piped from standard input.
       -i, --interactive   Force interactive mode.
       -l, --mathlib       Define the standard math library.
       -w, --warn          Give warnings for extensions to POSIX bc.
       -s, --standard      Process exactly the POSIX bc language.
       -q, --quiet         Do not print the normal GNU bc welcome.
       -v, --version       Print the version number and copyright and quit.

     bc is a language that supports arbitrary precision numbers with interactive execution of statements. bc starts by processing code from all the files listed on the command line in the order listed. After all files have been processed, bc reads from the standard input. All code is executed as it is read. (If a file contains a command to halt the processor, bc will never read from the standard input.)

     The most common use of bc is within a shell script, using a "here" document to pass the program details to bc.

     Example shell script
     [code]#!/bin/bash
     # bcsample - An example of calculations with bc

     if [ $# != 1 ]
     then
        echo "A number argument is required"
        exit 1
     fi

     bc << END-OF-INPUT
     scale=6
     /* first we define the function */
     define myfunc(x){
        return(sqrt(x) + 10);
     }
     /* then use the function to do the calculation */
     x=$1
     "Processing";x;" result is ";myfunc(x)
     quit
     END-OF-INPUT

     echo "(to 6 decimal places)"[/code]

     Run the script above with:
     [code]$ chmod a+x bcsample
     $ ./bcsample 125[/code]

     Standard functions supported by bc
       length ( expression )   The value of the length function is the number of significant digits in the expression.
       read ( )                Read a number from the standard input, regardless of where the function occurs. Beware, this can cause problems with the mixing of data and program in the standard input. The best use for this function is in a previously written program that needs input from the user, but never allows program code to be input from the user.
       scale ( expression )    The number of digits after the decimal point in the expression.
       sqrt ( expression )     The square root of the expression.

     Most standard math expressions are of course supported:
       + - / * % ^
       ++ var       Increment the variable by one and set the new value as the result of the expression.
       var ++       The result of the expression is the value of the variable and the variable is then incremented by one.
       -- var       Decrement the variable by one and set the new value as the result of the expression.
       var --       The result of the expression is the value of the variable and the variable is then decremented by one.
       ( expr )     Brackets alter the standard precedence to force the evaluation of an expression.
       var = expr   The variable var is assigned the value of the expression.

     Relational expressions and Boolean operations are also legal; look at the full bc man page for more.

     Comments
       /* In-line comments */
       # single line comment. The end of line character is not part of the comment and is processed normally.

     "If I were again beginning my studies, I would follow the advice of Plato and start with mathematics" - Galileo

     Related bash commands: dc - Desk Calculator
  8. Find and Replace text, database sort/validate/index

     Syntax
     [code]awk 'Program' Input-File1 Input-File2 ...
     awk -f PROGRAM-FILE Input-File1 Input-File2 ...[/code]

     Key
       -F FS
       --field-separator FS
            Use FS for the input field separator (the value of the `FS' predefined variable).
       -f PROGRAM-FILE
       --file PROGRAM-FILE
            Read the `awk' program source from the file PROGRAM-FILE, instead of from the first command line argument.
       -mf NNN
       -mr NNN
            The `f' flag sets the maximum number of fields, and the `r' flag sets the maximum record size. These options are ignored by `gawk', since `gawk' has no predefined limits; they are only for compatibility with the Bell Labs research version of Unix `awk'.
       -v VAR=VAL
       --assign VAR=VAL
            Assign the variable VAR the value VAL before program execution begins.
       -W traditional
       -W compat
       --traditional
       --compat
            Use compatibility mode, in which `gawk' extensions are turned off.
       -W lint
       --lint
            Give warnings about dubious or non-portable `awk' constructs.
       -W lint-old
       --lint-old
            Warn about constructs that are not available in the original Version 7 Unix version of `awk'.
       -W posix
       --posix
            Use POSIX compatibility mode, in which `gawk' extensions are turned off and additional restrictions apply.
       -W re-interval
       --re-interval
            Allow interval expressions in regexps.
       -W source=PROGRAM-TEXT
       --source PROGRAM-TEXT
            Use PROGRAM-TEXT as `awk' program source code. This option allows mixing command line source code with source code from files, and is particularly useful for mixing command line programs with library functions.
       --
            Signal the end of options. This is useful to allow further arguments to the `awk' program itself to start with a `-'. This is mainly for consistency with POSIX argument parsing conventions.
       'Program'
            A series of patterns and actions: see below.
       Input-File
            If no Input-File is specified then `awk' applies the Program to "standard input" (piped output of some other command, or the terminal). Typed input will continue until end-of-file (typing `Control-d').

     Basic functions

     The basic function of awk is to search files for lines (or other units of text) that contain a pattern. When a line matches, awk performs a specific action on that line.

     The Program statement that tells `awk' what to do consists of a series of "rules". Each rule specifies one pattern to search for, and one action to perform when that pattern is found. For ease of reading, each line in an `awk' program is normally a separate Program statement, like this:

     [code]pattern { action }
     pattern { action }
     ...[/code]

     e.g. Display lines from my_file containing the string "123" or "abc" or "some text":

     [code]awk '/123/ { print $0 }
          /abc/ { print $0 }
          /some text/ { print $0 }' my_file[/code]

     A regular expression enclosed in slashes (`/') is an `awk' pattern that matches every input record whose text belongs to that set. e.g. the pattern /foo/ matches any input record containing the three characters `foo', *anywhere* in the record.

     `awk' patterns may be one of the following:
       /Regular Expression/          - Match
       Pattern && Pattern            - AND
       Pattern || Pattern            - OR
       ! Pattern                     - NOT
       Pattern ? Pattern : Pattern   - If, Then, Else
       Pattern1, Pattern2            - Range Start - end
       BEGIN                         - Perform action BEFORE input file is read
       END                           - Perform action AFTER input file is read

     In addition to simple pattern matching `awk' has a huge range of text and arithmetic Functions, Variables and Operators.

     `gawk' will ignore newlines after any of the following:
     [code], { ? : || && do else[/code]

     Comments - start with a `#', and continue to the end of the line:
     [code]# This program prints a nice friendly message[/code]

     Examples

     This program prints the length of the longest input line:
     [code]awk '{ if (length($0) > max) max = length($0) }
          END { print max }' data[/code]

     This program prints every line that has at least one field. This is an easy way to delete blank lines from a file (or rather, to create a new file similar to the old file but from which the blank lines have been deleted):
     [code]awk 'NF > 0' data[/code]

     This program prints seven random numbers from zero to 100, inclusive:
     [code]awk 'BEGIN { for (i = 1; i <= 7; i++)
                    print int(101 * rand()) }'[/code]

     This program prints the total number of bytes used by FILES:
     [code]ls -lg FILES | awk '{ x += $5 } ; END { print "total bytes: " x }'[/code]

     This program prints a sorted list of the login names of all users:
     [code]awk -F: '{ print $1 }' /etc/passwd | sort[/code]

     This program counts lines in a file:
     [code]awk 'END { print NR }' data[/code]

     This program prints the even numbered lines in the data file. If you were to use the expression `NR % 2 == 1' instead, it would print the odd numbered lines:
     [code]awk 'NR % 2 == 0' data[/code]

     "Justice is such a fine thing that we cannot pay too dearly for it" - Alain-Rene Lesage

     Related:
       GNU Awk User Guide - awk examples
       awk one liners - Eric Pement
       awk one liners explained & pt2 - Peteris Krumin (CatOnMat.net)
       Patrick Hartigan - How to use awk
       `awk', `oawk', and `nawk' - Alternative, older and newer versions of awk
       egrep - egrep foo FILES ... is essentially the same as awk '/foo/' FILES ...
       expr - Evaluate expressions
       eval - Evaluate several commands/arguments
       for - Expand words, and execute commands
       grep - search file(s) for lines that match a given pattern
       m4 - Macro processor
       tr - Translate, squeeze, and/or delete characters
     Equivalent Windows command: FOR - Conditionally perform a command several times.
  9. Create an alias. Aliases allow a string to be substituted for a word when it is used as the first word of a simple command.

     Syntax
     [code]alias [name ...]
     unalias[/code]

     If arguments are supplied, an alias is defined for each name whose value is given. If no value is given, `alias' will print the current value of the alias. Without arguments or with the `-p' option, alias prints the list of aliases on the standard output in a form that allows them to be reused as input.

     `unalias' will remove each name from the list of aliases. If `-a' is supplied, all aliases are removed.

     Examples
     [code]alias ls='ls -F'[/code]
     Now issuing the command 'ls' will actually run 'ls -F'.

     [code]alias la='ls -lAXh --color=always|less -R'[/code]
     Now issuing the command 'la' will actually run a long listing, in color, sorted by extension.

     Make an alias permanent
     Use your favorite text editor to create a .bash_aliases file, and type the alias commands into the file. .bash_aliases will run at login (or you can just execute it with `. .bash_aliases').

     Details
     The first word of each simple command, if unquoted, is checked to see if it has an alias. If so, that word is replaced by the text of the alias. The alias name and the replacement text may contain any valid shell input, including shell metacharacters, with the exception that the alias name may not contain `='. The first word of the replacement text is tested for aliases, but a word that is identical to an alias being expanded is not expanded a second time. This means that one may alias ls to "ls -F", for instance, and Bash does not try to recursively expand the replacement text. If the last character of the alias value is a space or tab character, then the next command word following the alias is also checked for alias expansion.

     There is no mechanism for using arguments in the replacement text, as in csh. If arguments are needed, a shell function should be used.

     Aliases are not expanded when the shell is not interactive, unless the expand_aliases shell option is set using shopt.

     The rules concerning the definition and use of aliases are somewhat confusing. Bash always reads at least one complete line of input before executing any of the commands on that line. Aliases are expanded when a command is read, not when it is executed. Therefore, an alias definition appearing on the same line as another command does not take effect until the next line of input is read. The commands following the alias definition on that line are not affected by the new alias. This behavior is also an issue when functions are executed. Aliases are expanded when a function definition is read, not when the function is executed, because a function definition is itself a compound command. As a consequence, aliases defined in a function are not available until after that function is executed. To be safe, always put alias definitions on a separate line, and do not use alias in compound commands.

     `alias' and `unalias' are BASH built-ins. For almost every purpose, shell functions are preferred over aliases.

     "The odds against there being a bomb on a plane are a million to one, and against two bombs a million times a million to one. Next time you fly, cut the odds and take a bomb." - Benny Hill

     Related:
       export - Set an environment variable
       env - Display, set, or remove environment variables
       echo - Display message on screen
       readonly - Mark variables/functions as readonly
       shift - Shift positional parameters
     Equivalent Windows command: SET - Display, set, or remove Windows environment variables.