Repo of configs for the three major SIEMs.
- Default password is set to `Changem123!`
- Docker-composes v2.X are for development ONLY and are NOT secure for production
conf/ansible/*
- This directory contains all the configs for the Ansible playbooks and a manual install

conf/docker/*
- This directory contains all the configs for Docker
The Ansible playbooks will automatically set the heap size to half of total system memory allocated to a host. For example, if a machine has 16GB of memory, the ES heap size will be set to 8GB.
Graylog v4.2.4
Elastic v7.16.2
Splunk v8.2.4
Ansible v2.12.1+
ansible-galaxy: community.mongodb >= 1.3.2
Ubuntu 20.04 64-bit
Vagrant v2.2.19