2023/05/24


/usr/sbin/iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp -s 0/0 --dport 22 -j DROP
/usr/sbin/iptables -A INPUT -s 127.0.0.1 -j ACCEPT
/usr/sbin/iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT
/usr/sbin/iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT

/usr/sbin/iptables -A INPUT -m state --state  ESTABLISHED -j ACCEPT
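The line above must be added before the final DROP; otherwise packets cannot get out, because the replies to outbound connections arrive on INPUT and are dropped.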

/usr/sbin/iptables -A INPUT -s 0/0 -j DROP
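
iptables walks the chain top to bottom and the first matching rule decides. The Python model below is an added example, not part of the original notes; it shows which rule decides a packet and what changes when the ESTABLISHED rule is left out. It assumes only source, protocol, destination port and connection state are matched, and the sample packets are constructed.

```python
# Added example: first-match evaluation of the INPUT rules listed above.
# Assumption: only source, protocol, dport and conntrack state are modelled.
from ipaddress import ip_address, ip_network

# (source, proto, dport, state, target) in the order the rules are appended.
RULES = [
    ("192.168.1.0/24", "tcp", 22, None, "ACCEPT"),
    ("0.0.0.0/0", "tcp", 22, None, "DROP"),
    ("127.0.0.1/32", None, None, None, "ACCEPT"),
    ("192.168.0.0/16", None, None, None, "ACCEPT"),
    ("10.0.0.0/8", None, None, None, "ACCEPT"),
    (None, None, None, "ESTABLISHED", "ACCEPT"),
    ("0.0.0.0/0", None, None, None, "DROP"),
]


def verdict(src, proto, dport, state="NEW", rules=RULES):
    """Return (rule_number, target) of the first rule matching the packet."""
    for number, (net, r_proto, r_dport, r_state, target) in enumerate(rules, 1):
        if net is not None and ip_address(src) not in ip_network(net):
            continue
        if r_proto is not None and r_proto != proto:
            continue
        if r_dport is not None and r_dport != dport:
            continue
        if r_state is not None and r_state != state:
            continue
        return number, target
    return None, "POLICY"  # no rule matched: the chain policy applies


def without_established(rules=RULES):
    """Same rule set with the ESTABLISHED rule left out, for comparison."""
    return [r for r in rules if r[3] != "ESTABLISHED"]


if __name__ == "__main__":
    # Constructed sample packets (addresses are illustrative).
    samples = [
        ("192.168.1.10", "tcp", 22, "NEW"),            # SSH from the allowed /24
        ("192.168.2.10", "tcp", 22, "NEW"),            # SSH from elsewhere in the /16
        ("192.168.2.10", "tcp", 443, "NEW"),           # non-SSH from the /16
        ("203.0.113.5", "tcp", 51514, "ESTABLISHED"),  # reply to an outbound connection
        ("203.0.113.5", "tcp", 443, "NEW"),            # unsolicited external traffic
    ]
    for pkt in samples:
        print(pkt, "->", verdict(*pkt), "| no ESTABLISHED rule:",
              verdict(*pkt, rules=without_established()))
```

SSH from 192.168.2.10 is dropped by rule 2 even though rule 4 would accept the /16, because rule 2 comes first.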

2023/05/05

I have long been pulling data from Graylog on a regular schedule.

The queries use many OR terms:

accept AND ( 192.168.33.238 OR 192.168.34.215 OR 192.168.33.43 OR 192.168.34.142 OR 192.168.54.247 OR 192.168.7.253 OR 192.168.26.237 OR 192.168.26.228 OR 192.168.25.211 OR 192.168.25.206 OR 192.168.25.117 OR 192.168.26.104 OR 192.168.25.183 OR 192.168.31.241 OR 192.168.30.112 OR 192.168.30.80 OR 192.168.29.6 OR 192.168.29.3 OR 192.168.30.60 OR 192.168.30.58 OR 192.168.29.143 OR 192.168.30.57 OR 192.168.29.223 OR 192.168.29.164 OR 192.168.29.84 OR 192.168.30.200 OR 192.168.30.32 OR 192.168.29.29 OR 192.168.29.199 OR 192.168.29.205 OR 192.168.29.210 OR 192.168.29.200 OR 192.168.29.234 OR 192.168.30.220 OR 192.168.30.194 OR 192.168.29.83 OR 192.168.29.4 OR 192.168.30.108 OR 192.168.29.177 OR 192.168.29.107 OR 192.168.29.32 OR 192.168.30.33 OR 192.168.30.173 OR 192.168.30.247 OR 192.168.30.122 OR 192.168.30.55 OR 192.168.29.19 OR 192.168.29.10 OR 192.168.30.123 OR 192.168.30.201 OR 192.168.29.253 OR 192.168.30.85 OR 192.168.29.48 OR 192.168.30.37 OR 192.168.30.66 OR 192.168.9.100 OR 192.168.30.163 OR 192.168.30.114 OR 192.168.30.59 OR 192.168.30.199 OR 192.168.30.227 OR 192.168.30.41 OR 192.168.29.246 OR 192.168.29.161 OR 192.168.74.248 OR 192.168.74.12 OR 192.168.10.111 OR 192.168.10.104 OR 192.168.50.154 OR 192.168.52.1 OR 192.168.52.3 OR 192.168.50.243 OR 192.168.50.220 OR 192.168.50.179 OR 192.168.50.99 OR 192.168.50.138 OR 192.168.50.98 OR 192.168.50.182 OR 192.168.50.206 OR 192.168.50.234 )


But today, using the same syntax,

the following error appeared:


While retrieving data for this widget, the following error(s) occurred:

OpenSearch exception [type=too_many_nested_clauses, reason=Query contains too many nested clauses; maxClauseCount is set to 1024].


I asked Bing.


Edit /etc/opensearch/opensearch.yml

and add

indices.query.bool.max_clause_count: 10240

After restarting OpenSearch, it is working normally for now.

2023/05/03

In response to the CentOS 7 EOS,
I recently moved Grafana to Debian.

After installing Grafana, migrate the data:


Install the plugins in use on the new server

    grafana-cli plugins install grafana-image-renderer
    grafana-cli plugins install grafana-clock-panel
    grafana-cli plugins install grafana-worldmap-panel

Stop the Grafana service on the source and destination servers

Copy /var/lib/grafana/grafana.db from old to new server

Check /etc/grafana/grafana.ini

    After copying the above, pay attention to file ownership and permissions

Restart Grafana

Connect to the Grafana URL as usual

Dashboards, data sources, users, passwords, teams, … are the same


Because InfluxDB had previously been running on the same machine,
it was migrated as well.

influxd backup /tmp/backup
    
    This backs up only the data structure, not the data

influxd restore -metadir /var/lib/influxdb/meta /tmp


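The API had originally been opened so that a remote host could pull data.
From version 9 on this was changed to service accounts,
so I converted it directly.

After the conversion the remote host still could not pull data. At first I thought it was a problem with the key;
only after checking the log did I find that some packages had to be installed: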

apt install libglib2.0-0
apt install libnss3
apt install libatk1.0-0
apt install libatk-bridge2.0-0
apt install libcups2
apt install libdrm2
apt install libxkbcommon0
apt install libxcomposite1
apt install libxdamage1
apt install libxfixes3
apt install libxrandr2
apt install libgbm1
apt install libpangocairo-1.0-0
apt install libasound2


For now everything appears to be working normally.