Why don't I get an answer from my Host in Icinga? - monitoring

(Image) No Answer from Zone
(Image) All other Services I can check
apply Service "load" {
  import "generic-service"
  check_command = "load"
  if (host.name != NodeName) {
    command_endpoint = host.name
  }
  assign where host.name == NodeName
  assign where host.vars.os == "Linux" && host.vars.zone == "Cluster"
}
When checking that the Icinga service runs on the target host, I have done it exactly the same way, only that here I get a result back, but not with "load".
apply Service "icinga" {
  import "30-mins"
  check_command = "icinga"
  assign where host.name == NodeName
  assign where host.vars.os == "Linux" && host.vars.zone == "Cluster"
}

Related

How to use 2 conditions inside the elastic watcher

I'm new to ELK. Can I use 2 conditions in Elastic watchers? I am getting a field from logs like data = 0 and data = 1, so I need to use that "data" as a condition inside my watcher to elaborate the events.
Thanks in advance
There are many solutions. Here's one using a painless script:
[query sections...]
},
"condition": {
  "script": {
    "source": """
      def obj = ctx.payload.hits.hits.0;
      if (obj.data.value == 0 || obj.data.value == 1) {
        return true;
      }
      return false;
    """,
    "lang": "painless"
  }
},
"actions": {
[actions sections to follow...]
Of course, I'm only making up the CTX context data path. In the example, I am referring to the "data" field of the first returned record. You will have to figure out what you want to check. One common piece of data is from aggregations; then you will have to access ctx.payload.aggregations.*

Firebase Realtime Rules: Allowing multiple Users Access to Data

So I have my Database structured like this: the owner gets set when the group is created, and the owner should then have the permission to add other Users to allowed so they can access and edit the data too.
-Groups
|-Groupname
|- Owner: string
|- Allowed: List<string>
|- Data: all the data
So my attempt was these rules, but they don't work when I use the playground feature with a saved uid under owner or allowed:
"Groups" : {
  "$group": {
    ".read": "auth != null && (data.child('Owner').val() === auth.uid || data.child('Allowed').val() === auth.uid)",
    ".write": "auth != null && (data.child('Owner').val() === auth.uid || data.child('Allowed').val() === auth.uid)"
  }
}
And would a User still be able to create a new group when these rules would work?
Pictures of the Database and Errors:
First, in the Realtime Database, avoid using arrays and use a map instead.
Change this:
"Allowed": {
  "0": "8ZiQGBPFkiZOLgLJBgDeLw9ie9D3",
  "1": "KEuhrxnAWXS0dnotjhjFAYUOcm42",
  "2": "48yULftKSxgyS84ZJC4hs4ug4Ei2"
}
to this:
"Allowed": {
  "8ZiQGBPFkiZOLgLJBgDeLw9ie9D3": true,
  "KEuhrxnAWXS0dnotjhjFAYUOcm42": true,
  "48yULftKSxgyS84ZJC4hs4ug4Ei2": true
}
Read that linked blog post for more info, but in short, it makes adding/removing users really simple:
// Reference the group's "Allowed" map (database() is a function call)
const allowedRef = firebase.database().ref(`Groups/${groupId}/Allowed`);
// add a user
allowedRef.child("E04HLbIjGDRUQxsRReHSKifaXIr2").set(true);
// remove a user
allowedRef.child("KEuhrxnAWXS0dnotjhjFAYUOcm42").remove();
You can also change true to whatever you want. Here are some examples:
false = participant, true = moderator
false = read-only, true = can edit
Role names: "member", "admin", "moderator", etc.
Privilege levels: 0 (member), 500 (moderator), 1000 (owner), etc. (make sure to space these out, you don't want to have to add in a level between 0 and 1 and have to edit your entire database).
The most important point though, is that Realtime Database security rules don't know about arrays. data.val() won't return an array, it will just return a sentinel value that says "non-null object is here!". This means a map is necessary for security rules.
This reference document covers the structure and variables you can use in your Realtime Database Security Rules.
With your proposed rules, you attempt to allow any user in the group to be able to write to the group's data - but you don't manage what they can and can't write to. Any malicious member of a group could add/delete anyone else, make themselves the owner, or even delete the group entirely.
{
  "rules": {
    "Groups" : {
      "$group": {
        // If this group doesn't exist, allow the read.
        // If the group does exist, only the owner & its members
        // can read this group's entire data tree.
        ".read": "!data.exists() || (auth != null && (data.child('Owner').val() === auth.uid || data.child('Allowed').child(auth.uid).val() === true))",
        "Owner": {
          // Only the current owner can write data to this key if it exists.
          // If the owner is not yet set, they can only claim it for themselves.
          ".write": "auth != null && (data.val() === auth.uid || (!data.exists() && newData.val() === auth.uid))",
          // Force this value to be a string
          ".validate": "newData.isString()"
        },
        "Allowed": {
          // Only the owner can edit the entire member list
          // For a new group, the owner is also granted write access
          // for its creation
          ".write": "auth != null && (data.parent().child('Owner').val() === auth.uid || (!data.exists() && newData.parent().child('Owner').val() === auth.uid))",
          "$member": {
            // Allows the user to remove themselves from the group
            ".write": "auth != null && auth.uid === $member && !newData.exists()",
            // Force this value to be a boolean
            ".validate": "newData.isBoolean()"
          }
        },
        "Data": {
          // The owner and members can edit anything under "Data"
          // Currently this includes deleting everything under it!
          // For a new group, the owner is also granted write access
          // for its creation
          // TODO: tighten structure of "Data" like above
          ".write": "auth != null && (data.parent().child('Owner').val() === auth.uid || data.parent().child('Allowed').child(auth.uid).val() === true || (!data.exists() && newData.parent().child('Owner').val() === auth.uid))"
        }
      }
    }
  }
}
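To compare a single group-level write rule with the per-child rules above, here is an added model in plain JavaScript (not part of the original answer and not Firebase's rule engine). The function names, the `before`/`after` snapshots standing in for `data`/`newData`, and the uids are assumptions made for illustration.

```javascript
// Added model of the rule expressions above; this is not Firebase's rule engine.
// `before`/`after` stand in for data/newData of one group; uids are constructed.
const at = (obj, ...keys) =>
  keys.reduce((o, k) => (o == null || o[k] === undefined ? null : o[k]), obj);

// Group-level write rule, as the question intended (membership via map lookup).
function flatCanWrite(uid, before) {
  return !!uid && (at(before, "Owner") === uid || at(before, "Allowed", uid) === true);
}

// Per-child write rules from the answer. `path` is relative to the group node.
function scopedCanWrite(uid, before, after, path) {
  if (!uid) return false;
  const [top, member] = path;
  const owner = at(before, "Owner");
  const claims = at(after, "Owner") === uid; // new Owner value is the caller
  if (top === "Owner") {
    const next = at(after, "Owner");
    const valid = next === null || typeof next === "string";
    return valid && (owner === uid || (owner === null && claims));
  }
  if (top === "Allowed") {
    const byOwner = owner === uid || (at(before, "Allowed") === null && claims);
    if (member === undefined) return byOwner;
    const value = at(after, "Allowed", member);
    const valid = value === null || typeof value === "boolean";
    return valid && (byOwner || (member === uid && value === null));
  }
  if (top === "Data") {
    return owner === uid || at(before, "Allowed", uid) === true ||
      (at(before, "Data") === null && claims);
  }
  return false; // no rule grants writes elsewhere in the group
}

// Constructed sample group and proposed writes.
const group = { Owner: "owner-uid", Allowed: { "member-uid": true }, Data: { note: "x" } };
const takeover = { ...group, Owner: "member-uid" };
const selfRemoved = { ...group, Allowed: {} };

console.log("flat rule, member rewrites group:", flatCanWrite("member-uid", group));
console.log("scoped, member claims Owner:",
  scopedCanWrite("member-uid", group, takeover, ["Owner"]));
console.log("scoped, member leaves group:",
  scopedCanWrite("member-uid", group, selfRemoved, ["Allowed", "member-uid"]));
```

With the group-level rule a member is granted write access to the whole group node, `Owner` included; with the per-child rules the same member can only edit `Data` or remove their own entry.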

Basic Use of Tmp-String-0

I'm trying to use the Tmp-String-0 variable within a dhcp site enabled.
My version is old and in production (2.1.12).
Here is the content of my dhcp file.
dhcp DHCP-Discover {
  update control {
    Tmp-String-0 = "%{sql: CALL sqlprocedure('%{DHCP-Agent-Circuit-Id}','%{DHCP-Gateway-IP-Address}','%{DHCP-Relay-Remote-Id}')}"
  }
  if (control:Tmp-String-0 != "") {
    update reply {
      DHCP-Message-Type = DHCP-Offer
    }
  }
  else {
    update reply {
      DHCP-Message-Type = DHCP-NAK
    }
  }
  update reply {
    DHCP-Your-IP-Address = "control:Tmp-String-0"
  }
}
And here is the result I have in debug mode.
rlm_sql_mysql: query: CALL sqlprocedure('value','1.2.3.4','value')
sql_xlat finished
rlm_sql (sql): Released sql socket id: 4
expand: %{sql: CALL sqlprocedure('%{DHCP-Agent-Circuit-Id}','%{DHCP-Gateway-IP-Address}','%{DHCP-Relay-Remote-Id}')} -> 10.10.10.10
++[control] returns noop
++? if (control:Tmp-String-0 != "" )
? Evaluating (control:Tmp-String-0 != "" ) -> TRUE
++? if (control:Tmp-String-0 != "" ) -> TRUE
++- entering if (control:Tmp-String-0 != "" ) {...}
+++[reply] returns noop
++- if (control:Tmp-String-0 != "" ) returns noop
++ ... skipping else for request 445: Preceding "if" was taken
ERROR: Failed parsing value "control:Tmp-String-0" for attribute DHCP-Your-IP-Address: Failed to find IP address for control:Tmp-String-0
++[reply] returns fail
I don't know what is wrong with that; maybe I should use the operator "=" instead of ":=".
What do you think?
Many thanks, Will
Did you try the following?
update reply {
  DHCP-Your-IP-Address = "Tmp-String-0"
}

Icinga2 client Host cluster-zone check command not going down (RED) when lost connection

I have set up a single master with 2 client endpoints in my icinga2 monitoring system using director with Top-Down mode.
I have also set up 2 client nodes with both accept configs and accept commands.
(hopefully this means I'm running Top Down Command Endpoint mode)
The service checks (disk/mem/load) for the 3 hosts are returning correct results. But my problem is: according to the Top Down Command Endpoint example, host icinga2-client1 is using "hostalive" as the host check_command, e.g.
object Host "icinga2-client1.localdomain" {
  check_command = "hostalive" //check is executed on the master
  address = "192.168.56.111"
  vars.client_endpoint = name //follows the convention that host name == endpoint name
}
But one issue I have is that if the client1 icinga process is not running, the host status stays GREEN and all of the service statuses (disk/mem/load) stay GREEN as well, because the master is not getting any service check updates and the hostalive check command is able to ping the node.
Under the Best Practice - Health Check section, it mentions using the "cluster-zone" check command. I was expecting that, while using "cluster-zone", the host status would be RED when the client node icinga process is stopped, but somehow this is not happening.
Does anyone have any idea?
My zone/host/endpoint configurations are as follows:
object Zone "icinga-master" {
  endpoints = [ "icinga-master" ]
}
object Host "icinga-master" {
  import "Master-Template"
  display_name = "icinga-master [192.168.100.71]"
  address = "192.168.100.71"
  groups = [ "Servers" ]
}
object Endpoint "icinga-master" {
  host = "192.168.100.71"
  port = "5665"
}
object Zone "rick-tftp" {
  parent = "icinga-master"
  endpoints = [ "rick-tftp" ]
}
object Endpoint "rick-tftp" {
  host = "172.16.181.216"
}
object Host "rick-tftp" {
  import "Host-Template"
  display_name = "rick-tftp [172.16.181.216]"
  address = "172.16.181.216"
  groups = [ "Servers" ]
  vars.cluster_zone = "icinga-master"
}
object Zone "tftp-server" {
  parent = "icinga-master"
  endpoints = [ "tftp-server" ]
}
object Endpoint "tftp-server" {
  host = "192.168.100.221"
}
object Host "tftp-server" {
  import "Host-Template"
  display_name = "tftp-server [192.168.100.221]"
  address = "192.168.100.221"
  groups = [ "Servers" ]
  vars.cluster_zone = "icinga-master"
}
template Host "Host-Template" {
  import "pnp4nagios-host"
  check_command = "cluster-zone"
  max_check_attempts = "5"
  check_interval = 1m
  retry_interval = 30s
  enable_notifications = true
  enable_active_checks = true
  enable_passive_checks = true
  enable_event_handler = true
  enable_perfdata = true
}
Thanks,
Rick

phpinfo to check server configuration

I would like to ask how to check server configuration (CPU, system, RAM) by "grep" phpinfo sub-information (or any other php commands), if any.
<? if (phpinfo system info == "something A"
&& phpinfo CPU info == "something B"
&& phpinfo RAM info == "something C") {
//Redirect to index.php and not allowed to access in-pages.
header('Location: index.php');
}
?>
// Get CPU name
$cpuinfo = file('/proc/cpuinfo');
$cpu = substr($cpuinfo[4], 13);
// Get memory size
$meminfo = file('/proc/meminfo');
$memsize = substr($meminfo[0], 10);
// Get IP address
$arp = file('/proc/net/arp');
$arp1 = explode(" ", $arp[1]);
$ipv4 = $arp1[0];
// Replace the bracketed placeholder strings with your own values
if (strpos($ipv4, '[your device ip address]') !== false
    && strpos($memsize, '[your device memory size]') !== false
    && strpos($cpu, '[your device CPU name]') !== false) {
    // go
}
