网事随记
input { file { path => [ "/mnt/logs/ids/dns.log" ] sincedb_path => "/dev/null" start_position => "beginning" #Поменять на end# tags => ["dns"] } file { path => [ "/mnt/logs/ids/fast.log" ] sincedb_path => "/dev/null" start_position => "beginning" #Поменять на end# tags => ["ids"] }
09/20/2020-00:18:32.710309 [**] [1:2010935:3] ET SCAN Suspicious inbound to MSSQL port 1433 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 213.212.243.106:49614 -> 1.1.1.1:1433
barnyard2-master.zip https://codeload.github.com/firnsy/barnyard2/zip/master base-1.4.5.tar.gz https://nchc.dl.sourceforge.net/project/secureideas/BASE/base-1.4.5/base-1.4.5.tar.gz daq-master.zip https://codeload.github.com/jasonish/daq/zip/master adodb-5.20.18.zip https://nchc.dl.sourceforge.net/project/adodb/adodb-php5-only/adodb-520-for-php5/adodb-5.20.18.zip Image_Canvas-0.3.5.tgz http://download.pear.php.net/package/Image_Canvas-0.3.5.tgz
1、 yum install epel-release 2、 sudo yum -y install gcc libpcap-devel pcre-devel libyaml-devel file-devel \ zlib-devel jansson-devel nss-devel libcap-ng-devel libnet-devel tar make \ libnetfilter_queue-devel lua-devel PyYAML libmaxminddb-devel rustc cargo \ lz4-devel
