Chris Green greencm
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| systeminfo|find /i "original" |
greencm
/ nfdumpexport.py
Created
November 19, 2013 16:20
nfdump exports, then exported into splunk. Let's you search for IPs with the index problems of netflow.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/local/python2.7.2/bin/python | |
| # $Id$ | |
| # Author: <[email protected]> | |
| # Purpose: Run nfdump for flow exports so searches happen in splunk for atleast the IP hit | |
| # Created: Wed Aug 28 08:50:27 CDT 2013 | |
| import sys | |
| import unittest | |
| import argparse | |
| import subprocess, datetime |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dig -t txt _netblocks.google.com | grep spf | perl -nle 'split; for(@_) { if ($_ =~ m/^ip4/) { print substr($_,4); } }' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # convert a list of IPs to an OR bpf filter | |
| import sys | |
| if len(sys.argv) == 2 and sys.argv[1] != '-': | |
| f = open(sys.argv[1]) | |
| else: | |
| f = sys.stdin | |
| ips = [s.strip() for s in f.readlines()] | |
| bpf = "( host " + " or host ".join(ips) + ")" |
greencm
/ gist:5902893
Created
July 1, 2013 17:36
Use nfdump in parallel to look for specific ip address
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| find dirname -type f | parallel 'nfdump -r {} "host $ip"' | tee /tmp/out.txt |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # $Id$ | |
| # Author: <[email protected]> | |
| # Purpose: Count the number of mails in an mbox file | |
| # Created: Fri Jun 28 10:39:13 CDT 2013 | |
| import sys | |
| from mailbox import mbox | |
| import re |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| exec /cygdrive/c/Program\ Files\ \(x86\)/Microsoft\ Office/Office14/EXCEL.EXE `cygpath -w $1` |