jsvd’s gists

jsvd / gist:6b396a329243e8ee337fa2d31011897f

Created September 9, 2024 09:06

	/tmp/sandbox
	❯ jruby -v
	jruby 9.4.7.0 (3.1.4) 2024-04-29 597ff08ac1 OpenJDK 64-Bit Server VM 17.0.9+9 on 17.0.9+9 +jit [arm64-darwin]

	/tmp/sandbox
	❯ git clone git@github.com:logstash-plugins/logstash-input-salesforce.git
	Cloning into 'logstash-input-salesforce'...
	remote: Enumerating objects: 331, done.
	remote: Counting objects: 100% (57/57), done.
	remote: Compressing objects: 100% (21/21), done.

jsvd / gist:84f4beb202ded3e8c3ee1cf008b32310

Last active August 9, 2024 16:14

	# env var:
	# keystore:
	# pipeline.workers = default to cpu cores
	❯ docker run docker.elastic.co/logstash/logstash-full:8.16.0-SNAPSHOT sh -c 'rm config/logstash.keystore && echo 1 \| bin/logstash -e "" \| grep pipeline.workers'
	[2024-08-09T16:06:29,979][INFO ][logstash.javapipeline][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>10, [...]

	# env var: 2
	# keystore:
	# pipeline.workers = env var
	❯ docker run -e PIPELINE_WORKERS="2" docker.elastic.co/logstash/logstash-full:8.16.0-SNAPSHOT sh -c 'rm config/logstash.keystore && echo 1 \| bin/logstash -e "" \| grep pipeline.workers'

jsvd / with_copy.txt

Last active May 2, 2024 13:32

	❯ cat with_copy/Dockerfile
	FROM centos:7

	COPY logstash-8.13.2-linux-aarch64.tar.gz /tmp/logstash.tar.gz
	RUN tar -zxf /tmp/logstash.tar.gz && rm /tmp/logstash.tar.gz

	❯ docker build -q with_copy
	sha256:fce85351f818038d93afbd4005ff4fe10a2d7771ce1e603a54f91300e4032d1e

	❯ docker run -it fce85351f818038d93afbd4005ff4fe10a2d7771ce1e603a54f91300e4032d1e /logstash-8.13.2/bin/logstash -V

jsvd / gist:cc81456dd7040d02d1f04f654b822ff2

Created April 5, 2024 11:55

	❯ for type in inputs filters codecs outputs; do echo "List of $type"; cat ./logstash_node_stats.json \| jq -r ".pipelines \| map(.plugins.$type)[] \| map(.name)[]" \| sort \| uniq -c \| sort -k2; done
	List of inputs
	1 beats
	2 jdbc
	1 syslog
	1 tcp
	List of filters
	1 clone
	4 date
	1 dissect

jsvd / gist:25a83d57eb062a66f970da3fd8a87c42

Created March 12, 2024 11:32

Logstash with verbose:class

This file has been truncated, but you can view the full file.

	❯

	/tmp/logstash-8.12.2
	❯ LS_JAVA_OPTS="-verbose:class" bin/logstash -e "input { generator { count => 1 } } output { stdout {} }"
	Using bundled JDK: /tmp/logstash-8.12.2/jdk.app/Contents/Home

jsvd / socket_high_cpu.rb

Created October 11, 2023 10:43

	require 'socket'

	HOST = 'localhost'
	PORT = 5555

	def connect_and_close
	socket = TCPSocket.new(HOST, PORT)
	linger = [1,0].pack('ii')
	socket.setsockopt(Socket::SOL_SOCKET, Socket::SO_LINGER, linger)
	socket.close

jsvd / beats_writer_ssl.rb

Created July 28, 2023 13:57

	# encoding: utf-8
	# JRUBY_OPTS="-J-Xmx4g -J-Xms4g" ruby beats_writer_ssl.rb
	require "socket"
	require "thread"
	require "zlib"
	require "json"
	require "openssl"

	Thread.abort_on_exception = true
	HOST="127.0.0.1"

jsvd / CAKe.py

Created March 21, 2022 12:28

	# written for python 2.7
	#
	# CAKe : CEF Army Knife experiment
	# A versatile CEF manipulation and generation tool
	#
	# Author : Gaetan Cardinal
	# cardinal_gaetan \|at\| yahoo.fr
	#
	# Version: 0.2
	# Updated: Jan 2014

jsvd / script.rb

Last active December 13, 2021 12:16

	# encoding: utf-8

	# Script to test local Logstash instance for JNDI lookups (Log4j vulnerability)
	#
	# To run, copy script to Logstash folder and run:
	#
	# bin/ruby script.rb
	#
	# Script's steps:
	# Step 1: setup environment

jsvd / gist:c72a51f5ffda234a0d12a590fb03ce82

Created October 4, 2021 12:32

	require 'openssl'
	require 'net/http'

	def cert_from_url(url)
	txt = Net::HTTP.get(URI(url))
	OpenSSL::X509::Certificate.new(txt)
	end

	LEAF_CERTIFICATE = OpenSSL::X509::Certificate.new %q[
	-----BEGIN CERTIFICATE-----

João Duarte jsvd